Cross-Model Anecdotes – full_cve_ids_3.1_header · seed=42 · metric=pr
Models: xlnet, lrp-bert, lrp-distilbert

#1 · cve_id CVE-2022-45688 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁stack overflow ▁in ▁the ▁XML . to JSON Object ▁component ▁of hu tool - js ▁on ▁v 5 . 8 . 10 ▁allows ▁attackers ▁to ▁cause ▁a Denial ▁of ▁Service ( DoS ) ▁via ▁crafted JSON ▁or ▁XML ▁data . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
SHAP (words)
A stack overflow in the XML. toJSONObject component of hutool- json v5. 8. 10 allows attackers to cause a Denial of Service ( DoS) via crafted JSON or XML data
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] A stack overflow in the XML . to JSON Object component of hut ##ool - js on v ##5 . 8 . 10 allows attackers to cause a Denial of Service ( DoS ) via crafted JSON or XML data . [SEP]
LRP (+Pred, pos-only)
[CLS] A stack overflow in the XML . to JSON Object component of hut ##ool - js on v ##5 . 8 . 10 allows attackers to cause a Denial of Service ( DoS ) via crafted JSON or XML data . [SEP]
LIME (words)
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
SHAP (words)
A stack overflow in the XML. toJSONObject component of hutool- json v5. 8. 10 allows attackers to cause a Denial of Service ( DoS) via crafted JSON or XML data
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] A stack overflow in the XML . to JSON Object component of hut ##ool - js on v ##5 . 8 . 10 allows attackers to cause a Denial of Service ( DoS ) via crafted JSON or XML data . [SEP]
LRP (+Pred, pos-only)
[CLS] A stack overflow in the XML . to JSON Object component of hut ##ool - js on v ##5 . 8 . 10 allows attackers to cause a Denial of Service ( DoS ) via crafted JSON or XML data . [SEP]
LIME (words)
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
SHAP (words)
A stack overflow in the XML. toJSONObject component of hutool- json v5. 8. 10 allows attackers to cause a Denial of Service ( DoS) via crafted JSON or XML data
#2 · cve_id CVE-2024-23477 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
▁The SolarWinds ▁Access ▁Rights Manage r ( ARM ) ▁was ▁found ▁to ▁be su sc ep t ible ▁to ▁a ▁Directory Traversal Remote ▁Code Execution Vulnerability . ▁If ▁exploited ▁this ▁vulnerability ▁allows ▁an unauthenticated ▁user ▁to ▁achieve ▁a Remote ▁Code Execution . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
SHAP (words)
The SolarWinds Access Rights Manager ( ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited this vulnerability allows an unauthenticated user to achieve a Remote Code Execution
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] The SolarWinds Access Rights Manage r ( ARM ) was found to be su sc e ##pt ##ible to a Directory Traversal Remote Code Execution Vulnerability . If ex ##p ##lo ite d this vulnerability allows an unauthenticated user to achieve a Remote Code Execution . [SEP]
LRP (+Pred, pos-only)
[CLS] The SolarWinds Access Rights Manage r ( ARM ) was found to be su sc e ##pt ##ible to a Directory Traversal Remote Code Execution Vulnerability . If ex ##p ##lo ite d this vulnerability allows an unauthenticated user to achieve a Remote Code Execution . [SEP]
LIME (words)
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
SHAP (words)
The SolarWinds Access Rights Manager ( ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited this vulnerability allows an unauthenticated user to achieve a Remote Code Execution
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
IG (subwords)
[CLS] The SolarWinds Access Rights Manage r ( ARM ) was found to be su sc e ##pt ##ible to a Directory Traversal Remote Code Execution Vulnerability . If ex ##p ##lo ite d this vulnerability allows an unauthenticated user to achieve a Remote Code Execution . [SEP]
LRP (+Pred, pos-only)
[CLS] The SolarWinds Access Rights Manage r ( ARM ) was found to be su sc e ##pt ##ible to a Directory Traversal Remote Code Execution Vulnerability . If ex ##p ##lo ite d this vulnerability allows an unauthenticated user to achieve a Remote Code Execution . [SEP]
LIME (words)
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
SHAP (words)
The SolarWinds Access Rights Manager ( ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited this vulnerability allows an unauthenticated user to achieve a Remote Code Execution
#3 · cve_id CVE-2022-38628 · pr
GT=NONE (0)
xlnet · Pred=LOW (1) · p=0.98 MIS
IG (subwords)
▁Nor tek Linear eMerge ▁E 3 - S eries ▁0 . 32 - 08 f ▁0 . 32 - 07 p ▁0 . 32 - 07 e ▁0 . 32 - 09 c ▁0 . 32 - 09 b ▁0 . 32 - 09 a ▁and ▁0 . 32 - 08 e ▁were ▁di sc ▁over ed ▁to ▁contain ▁a cross-site scripting ( XSS ) ▁vulnerability ▁which ▁is ▁chain ed ▁with ▁a ▁local se ssi ▁on fixation . ▁This ▁vulnerability ▁allows ▁attackers ▁to escalate ▁privileges ▁via unspecified ▁vector s . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Nortek Linear eMerge E3-Series 0.32-08f 0.32-07p 0.32-07e 0.32-09c 0.32-09b 0.32-09a and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.
SHAP (words)
Nortek Linear eMerge E3- Series 0. 32- 08f 0. 32- 07p 0. 32- 07e 0. 32- 09c 0. 32- 09b 0. 32- 09a and 0. 32- 08e were discovered to contain a cross- site scripting ( XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors
lrp-bert · Pred=LOW (1) · p=0.98 MIS
IG (subwords)
[CLS] Norte ##k Linear eMerge E ##3 - Series 0 . 32 - 08 ##f 0 . 32 - 07 ##p 0 . 32 - 07 ##e 0 . 32 - 09 ##c 0 . 32 - 09 ##b 0 . 32 - 09 ##a and 0 . 32 - 08 ##e were di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability which is chained with a local se ssi on fixation . This vulnerability allows attackers to escalate privileges via unspecified vectors . [SEP]
LRP (+Pred, pos-only)
[CLS] Norte ##k Linear eMerge E ##3 - Series 0 . 32 - 08 ##f 0 . 32 - 07 ##p 0 . 32 - 07 ##e 0 . 32 - 09 ##c 0 . 32 - 09 ##b 0 . 32 - 09 ##a and 0 . 32 - 08 ##e were di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability which is chained with a local se ssi on fixation . This vulnerability allows attackers to escalate privileges via unspecified vectors . [SEP]
LIME (words)
Nortek Linear eMerge E3-Series 0.32-08f 0.32-07p 0.32-07e 0.32-09c 0.32-09b 0.32-09a and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.
SHAP (words)
Nortek Linear eMerge E3- Series 0. 32- 08f 0. 32- 07p 0. 32- 07e 0. 32- 09c 0. 32- 09b 0. 32- 09a and 0. 32- 08e were discovered to contain a cross- site scripting ( XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors
lrp-distilbert · Pred=LOW (1) · p=1.00 MIS
IG (subwords)
[CLS] Norte ##k Linear eMerge E ##3 - Series 0 . 32 - 08 ##f 0 . 32 - 07 ##p 0 . 32 - 07 ##e 0 . 32 - 09 ##c 0 . 32 - 09 ##b 0 . 32 - 09 ##a and 0 . 32 - 08 ##e were di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability which is chained with a local se ssi on fixation . This vulnerability allows attackers to escalate privileges via unspecified vectors . [SEP]
LRP (+Pred, pos-only)
[CLS] Norte ##k Linear eMerge E ##3 - Series 0 . 32 - 08 ##f 0 . 32 - 07 ##p 0 . 32 - 07 ##e 0 . 32 - 09 ##c 0 . 32 - 09 ##b 0 . 32 - 09 ##a and 0 . 32 - 08 ##e were di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability which is chained with a local se ssi on fixation . This vulnerability allows attackers to escalate privileges via unspecified vectors . [SEP]
LIME (words)
Nortek Linear eMerge E3-Series 0.32-08f 0.32-07p 0.32-07e 0.32-09c 0.32-09b 0.32-09a and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.
SHAP (words)
Nortek Linear eMerge E3- Series 0. 32- 08f 0. 32- 07p 0. 32- 07e 0. 32- 09c 0. 32- 09b 0. 32- 09a and 0. 32- 08e were discovered to contain a cross- site scripting ( XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors
#4 · cve_id CVE-2020-8943 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.99 TP
IG (subwords)
▁An ▁arbitrary ▁memory ▁read ▁vulnerability ▁in Asylo ▁versions ▁up ▁to ▁0 . 6 . 0 ▁allows ▁an untrusted ▁attacker ▁to ▁make ▁a ▁call ▁to en c _ untrusted ▁_ rec v from ▁whose ▁return ▁size ▁was ▁not validated ▁against ▁the ▁requested ▁size . ▁The param eter ▁size ▁is unchecked ▁allowing ▁the ▁attacker ▁to ▁read ▁memory ▁locations ▁out sid e ▁of ▁the ▁intended ▁buffer ▁size ▁including ▁memory ▁addresses ▁within ▁the ▁secure enclave . ▁We ▁recommend upgrading ▁past ▁commit ▁6 e 15 8 d 5 58 ab d 3 c 29 a 02 08 e 30 c 97 c 9 a 8 c 5 b d 42 30 f <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f
SHAP (words)
An arbitrary memory read vulnerability in Asylo versions up to 0. 6. 0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f
lrp-bert · Pred=LOW (1) · p=0.99 TP
IG (subwords)
[CLS] An arbitrary memory read vulnerability in Asylo versions up to 0 . 6 . 0 allows an untrusted attacker to make a call to en ##c _ untrusted _ re ##c ##v ##f ##rom whose return size was not validated against the requested size . The param et ##er size is unchecked allowing the attacker to read memory locations out sid e of the int ended buffer size including memory addresses within the secure enclave . We recommend upgrading past commit 6 ##e ##15 ##8 ##d ##55 ##8 ##ab ##d ##3 ##c ##29 ##a ##0 ##20 ##8 ##e ##30 ##c ##9 ##7 ##c ##9 ##a ##8 ##c ##5 ##b ##d ##42 ##30 ##f [SEP]
LRP (+Pred, pos-only)
[CLS] An arbitrary memory read vulnerability in Asylo versions up to 0 . 6 . 0 allows an untrusted attacker to make a call to en ##c _ untrusted _ re ##c ##v ##f ##rom whose return size was not validated against the requested size . The param et ##er size is unchecked allowing the attacker to read memory locations out sid e of the int ended buffer size including memory addresses within the secure enclave . We recommend upgrading past commit 6 ##e ##15 ##8 ##d ##55 ##8 ##ab ##d ##3 ##c ##29 ##a ##0 ##20 ##8 ##e ##30 ##c ##9 ##7 ##c ##9 ##a ##8 ##c ##5 ##b ##d ##42 ##30 ##f [SEP]
LIME (words)
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f
SHAP (words)
An arbitrary memory read vulnerability in Asylo versions up to 0. 6. 0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] An arbitrary memory read vulnerability in Asylo versions up to 0 . 6 . 0 allows an untrusted attacker to make a call to en ##c _ untrusted _ re ##c ##v ##f ##rom whose return size was not validated against the requested size . The param et ##er size is unchecked allowing the attacker to read memory locations out sid e of the int ended buffer size including memory addresses within the secure enclave . We recommend upgrading past commit 6 ##e ##15 ##8 ##d ##55 ##8 ##ab ##d ##3 ##c ##29 ##a ##0 ##20 ##8 ##e ##30 ##c ##9 ##7 ##c ##9 ##a ##8 ##c ##5 ##b ##d ##42 ##30 ##f [SEP]
LRP (+Pred, pos-only)
[CLS] An arbitrary memory read vulnerability in Asylo versions up to 0 . 6 . 0 allows an untrusted attacker to make a call to en ##c _ untrusted _ re ##c ##v ##f ##rom whose return size was not validated against the requested size . The param et ##er size is unchecked allowing the attacker to read memory locations out sid e of the int ended buffer size including memory addresses within the secure enclave . We recommend upgrading past commit 6 ##e ##15 ##8 ##d ##55 ##8 ##ab ##d ##3 ##c ##29 ##a ##0 ##20 ##8 ##e ##30 ##c ##9 ##7 ##c ##9 ##a ##8 ##c ##5 ##b ##d ##42 ##30 ##f [SEP]
LIME (words)
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f
SHAP (words)
An arbitrary memory read vulnerability in Asylo versions up to 0. 6. 0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f
#5 · cve_id CVE-2023-21635 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.86 TP
IG (subwords)
▁Memory Corruption ▁in ▁Data ▁Network Stack ▁& Connectivity ▁when sim ▁gets ▁detected ▁on ▁tele phon y . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
SHAP (words)
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony
lrp-bert · Pred=NONE (0) · p=0.79 MIS
IG (subwords)
[CLS] Memory Corruption in Data Network Stack & Connectivity when si ##m gets detected on te ##le ##phony . [SEP]
LRP (+Pred, pos-only)
[CLS] Memory Corruption in Data Network Stack & Connectivity when si ##m gets detected on te ##le ##phony . [SEP]
LIME (words)
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
SHAP (words)
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony
lrp-distilbert · Pred=NONE (0) · p=0.65 MIS
IG (subwords)
[CLS] Memory Corruption in Data Network Stack & Connectivity when si ##m gets detected on te ##le ##phony . [SEP]
LRP (+Pred, pos-only)
[CLS] Memory Corruption in Data Network Stack & Connectivity when si ##m gets detected on te ##le ##phony . [SEP]
LIME (words)
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
SHAP (words)
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony
#6 · cve_id CVE-2020-9783 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
▁A ▁use ▁after ▁free ▁issue ▁was ▁addressed ▁with ▁improved ▁memory ▁man a gem ent . ▁This ▁issue ▁is ▁fixed ▁in ▁iOS ▁13 . 4 ▁and iPadOS ▁13 . 4 tvOS ▁13 . 4 Safari ▁13 . 1 ▁iTunes ▁for ▁Windows ▁12 . 10 . 5 iCloud ▁for ▁Windows ▁10 . 9 . 3 iCloud ▁for ▁Windows ▁7 . 18 . Processing maliciously ▁crafted ▁web ▁content ▁may ▁lead ▁to ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4 tvOS 13.4 Safari 13.1 iTunes for Windows 12.10.5 iCloud for Windows 10.9.3 iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.
SHAP (words)
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13. 4 and iPadOS 13. 4 tvOS 13. 4 Safari 13. 1 iTunes for Windows 12. 10. 5 iCloud for Windows 10. 9. 3 iCloud for Windows 7. 18. Processing maliciously crafted web content may lead to code execution
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] A use after free issue was addressed with improved memory man ##a gem en ##t . This issue is fixed in iOS 13 . 4 and iPadOS 13 . 4 tvOS 13 . 4 Safari 13 . 1 iTunes for Windows 12 . 10 . 5 iCloud for Windows 10 . 9 . 3 iCloud for Windows 7 . 18 . Processing maliciously crafted web content may lead to code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] A use after free issue was addressed with improved memory man ##a gem en ##t . This issue is fixed in iOS 13 . 4 and iPadOS 13 . 4 tvOS 13 . 4 Safari 13 . 1 iTunes for Windows 12 . 10 . 5 iCloud for Windows 10 . 9 . 3 iCloud for Windows 7 . 18 . Processing maliciously crafted web content may lead to code exec u ##tion . [SEP]
LIME (words)
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4 tvOS 13.4 Safari 13.1 iTunes for Windows 12.10.5 iCloud for Windows 10.9.3 iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.
SHAP (words)
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13. 4 and iPadOS 13. 4 tvOS 13. 4 Safari 13. 1 iTunes for Windows 12. 10. 5 iCloud for Windows 10. 9. 3 iCloud for Windows 7. 18. Processing maliciously crafted web content may lead to code execution
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] A use after free issue was addressed with improved memory man ##a gem en ##t . This issue is fixed in iOS 13 . 4 and iPadOS 13 . 4 tvOS 13 . 4 Safari 13 . 1 iTunes for Windows 12 . 10 . 5 iCloud for Windows 10 . 9 . 3 iCloud for Windows 7 . 18 . Processing maliciously crafted web content may lead to code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] A use after free issue was addressed with improved memory man ##a gem en ##t . This issue is fixed in iOS 13 . 4 and iPadOS 13 . 4 tvOS 13 . 4 Safari 13 . 1 iTunes for Windows 12 . 10 . 5 iCloud for Windows 10 . 9 . 3 iCloud for Windows 7 . 18 . Processing maliciously crafted web content may lead to code exec u ##tion . [SEP]
LIME (words)
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4 tvOS 13.4 Safari 13.1 iTunes for Windows 12.10.5 iCloud for Windows 10.9.3 iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.
SHAP (words)
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13. 4 and iPadOS 13. 4 tvOS 13. 4 Safari 13. 1 iTunes for Windows 12. 10. 5 iCloud for Windows 10. 9. 3 iCloud for Windows 7. 18. Processing maliciously crafted web content may lead to code execution
#7 · cve_id CVE-2019-5962 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
Cross-site scripting ▁vulnerability ▁in Zoho ▁Sales IQ ▁1 . 0 . 8 ▁and ▁earlier ▁allows ▁remote ▁attackers ▁to inject ▁arbitrary ▁web sc ▁rip t ▁or HTML ▁via unspecified ▁vector s . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SHAP (words)
Cross- site scripting vulnerability in Zoho SalesIQ 1. 0. 8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Cross-site scripting vulnerability in Zoho Sales IQ 1 . 0 . 8 and earlier allows remote attackers to inject arbitrary web sc r ip t or HTML via unspecified vectors . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-site scripting vulnerability in Zoho Sales IQ 1 . 0 . 8 and earlier allows remote attackers to inject arbitrary web sc r ip t or HTML via unspecified vectors . [SEP]
LIME (words)
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SHAP (words)
Cross- site scripting vulnerability in Zoho SalesIQ 1. 0. 8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Cross-site scripting vulnerability in Zoho Sales IQ 1 . 0 . 8 and earlier allows remote attackers to inject arbitrary web sc r ip t or HTML via unspecified vectors . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-site scripting vulnerability in Zoho Sales IQ 1 . 0 . 8 and earlier allows remote attackers to inject arbitrary web sc r ip t or HTML via unspecified vectors . [SEP]
LIME (words)
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SHAP (words)
Cross- site scripting vulnerability in Zoho SalesIQ 1. 0. 8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
#8 · cve_id CVE-2019-8721 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
IG (subwords)
▁Multiple ▁issues ▁in ld 64 ▁in ▁the Xcode ▁tool chain s ▁were ▁addressed ▁by updating ▁to ▁version ld 64 - 50 7 . 4 . ▁This ▁issue ▁is ▁fixed ▁in Xcode ▁11 . 0 . Compiling ▁code ▁without ▁proper ▁input validation ▁could ▁lead ▁to ▁arbitrary ▁code ▁execution ▁with ▁user ▁privilege . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
SHAP (words)
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64- 507. 4. This issue is fixed in Xcode 11. 0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Mu ##lt ip le issues in l ##d ##64 in the Xcode tool ##cha ##ins were addressed by updating to version l ##d ##64 - 50 ##7 . 4 . This issue is fixed in Xcode 11 . 0 . Compiling code without proper input validation could lead to arbitrary code exec u ##tion with user privilege . [SEP]
LRP (+Pred, pos-only)
[CLS] Mu ##lt ip le issues in l ##d ##64 in the Xcode tool ##cha ##ins were addressed by updating to version l ##d ##64 - 50 ##7 . 4 . This issue is fixed in Xcode 11 . 0 . Compiling code without proper input validation could lead to arbitrary code exec u ##tion with user privilege . [SEP]
LIME (words)
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
SHAP (words)
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64- 507. 4. This issue is fixed in Xcode 11. 0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Mu ##lt ip le issues in l ##d ##64 in the Xcode tool ##cha ##ins were addressed by updating to version l ##d ##64 - 50 ##7 . 4 . This issue is fixed in Xcode 11 . 0 . Compiling code without proper input validation could lead to arbitrary code exec u ##tion with user privilege . [SEP]
LRP (+Pred, pos-only)
[CLS] Mu ##lt ip le issues in l ##d ##64 in the Xcode tool ##cha ##ins were addressed by updating to version l ##d ##64 - 50 ##7 . 4 . This issue is fixed in Xcode 11 . 0 . Compiling code without proper input validation could lead to arbitrary code exec u ##tion with user privilege . [SEP]
LIME (words)
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
SHAP (words)
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64- 507. 4. This issue is fixed in Xcode 11. 0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege
#9 · cve_id CVE-2021-37019 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
▁There ▁is ▁a Improper Input Validation ▁vulnerability ▁in Huawei ▁Smart phone . Successful ▁exploitation ▁of ▁this ▁vulnerability ▁will ▁cause ▁kernel ▁crash . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.
SHAP (words)
There is a Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] There is a Improper Input Validation vulnerability in Huawei Smart ##phone . Successful exploitation of this vulnerability will cause kernel crash . [SEP]
LRP (+Pred, pos-only)
[CLS] There is a Improper Input Validation vulnerability in Huawei Smart ##phone . Successful exploitation of this vulnerability will cause kernel crash . [SEP]
LIME (words)
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.
SHAP (words)
There is a Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] There is a Improper Input Validation vulnerability in Huawei Smart ##phone . Successful exploitation of this vulnerability will cause kernel crash . [SEP]
LRP (+Pred, pos-only)
[CLS] There is a Improper Input Validation vulnerability in Huawei Smart ##phone . Successful exploitation of this vulnerability will cause kernel crash . [SEP]
LIME (words)
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.
SHAP (words)
There is a Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash
#10 · cve_id CVE-2021-36809 · pr
GT=HIGH (2)
xlnet · Pred=LOW (1) · p=0.97 MIS
IG (subwords)
▁A ▁local ▁attacker ▁can overwrite ▁arbitrary ▁files ▁on ▁the ▁system ▁with VPN ▁client ▁logs ▁using admin ▁is t rator ▁privileges ▁potentially ▁resulting ▁in ▁a ▁denial ▁of ▁service ▁and ▁data ▁loss ▁in ▁all ▁versions ▁of Sophos SSL VPN ▁client . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN client.
SHAP (words)
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN client
lrp-bert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] A local attacker can overwrite arbitrary files on the system with VPN cli en ##t logs using admin is ##tra ##tor privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN cli en ##t . [SEP]
LRP (+Pred, pos-only)
[CLS] A local attacker can overwrite arbitrary files on the system with VPN cli en ##t logs using admin is ##tra ##tor privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN cli en ##t . [SEP]
LIME (words)
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN client.
SHAP (words)
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN client
lrp-distilbert · Pred=HIGH (2) · p=0.75 TP
IG (subwords)
[CLS] A local attacker can overwrite arbitrary files on the system with VPN cli en ##t logs using admin is ##tra ##tor privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN cli en ##t . [SEP]
LRP (+Pred, pos-only)
[CLS] A local attacker can overwrite arbitrary files on the system with VPN cli en ##t logs using admin is ##tra ##tor privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN cli en ##t . [SEP]
LIME (words)
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN client.
SHAP (words)
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges potentially resulting in a denial of service and data loss in all versions of Sophos SSL VPN client
#11 · cve_id CVE-2023-28405 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
IG (subwords)
Uncontrolled ▁search ▁path ▁in ▁the ▁Intel ( R ) ▁Distribution ▁of ▁Open VI NO ( TM ) Toolkit ▁before ▁version ▁20 22 . 3 . 0 ▁may ▁allow ▁an authenticated ▁user ▁to ▁potentially ▁enable escalation ▁of ▁privilege ▁via ▁local ▁access . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Uncontrolled search path in the Intel( R) Distribution of OpenVINO( TM) Toolkit before version 2022. 3. 0 may allow an authenticated user to potentially enable escalation of privilege via local access
lrp-bert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] Uncontrolled search path in the Intel ( R ) Distribution of Open ##VI ##N ##O ( T ##M ) Toolkit before version 202 ##2 . 3 . 0 may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Uncontrolled search path in the Intel ( R ) Distribution of Open ##VI ##N ##O ( T ##M ) Toolkit before version 202 ##2 . 3 . 0 may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LIME (words)
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Uncontrolled search path in the Intel( R) Distribution of OpenVINO( TM) Toolkit before version 2022. 3. 0 may allow an authenticated user to potentially enable escalation of privilege via local access
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] Uncontrolled search path in the Intel ( R ) Distribution of Open ##VI ##N ##O ( T ##M ) Toolkit before version 202 ##2 . 3 . 0 may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Uncontrolled search path in the Intel ( R ) Distribution of Open ##VI ##N ##O ( T ##M ) Toolkit before version 202 ##2 . 3 . 0 may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LIME (words)
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Uncontrolled search path in the Intel( R) Distribution of OpenVINO( TM) Toolkit before version 2022. 3. 0 may allow an authenticated user to potentially enable escalation of privilege via local access
#12 · cve_id CVE-2021-0121 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
IG (subwords)
Improper ▁access ▁control ▁in ▁the installer ▁for ▁some ▁Intel ( R ) ▁I ris ( R ) ▁X e MAX ▁De dicate d Graphics ▁Driver s ▁for ▁Windows ▁10 ▁before ▁version ▁27 . 20 . 100 . 94 66 ▁may ▁allow authenticated ▁user ▁to ▁potentially ▁enable escalation ▁of ▁privilege ▁via ▁local ▁access . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Improper access control in the installer for some Intel( R) Iris( R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27. 20. 100. 9466 may allow authenticated user to potentially enable escalation of privilege via local access
lrp-bert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] Improper access control in the installer for some Intel ( R ) Iris ( R ) X ##e MAX De ##dicated Graphics Drivers for Windows 10 before version 27 . 20 . 100 . 94 ##6 ##6 may allow authenticated user to potentially enable escalation of privilege via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper access control in the installer for some Intel ( R ) Iris ( R ) X ##e MAX De ##dicated Graphics Drivers for Windows 10 before version 27 . 20 . 100 . 94 ##6 ##6 may allow authenticated user to potentially enable escalation of privilege via local access . [SEP]
LIME (words)
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Improper access control in the installer for some Intel( R) Iris( R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27. 20. 100. 9466 may allow authenticated user to potentially enable escalation of privilege via local access
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] Improper access control in the installer for some Intel ( R ) Iris ( R ) X ##e MAX De ##dicated Graphics Drivers for Windows 10 before version 27 . 20 . 100 . 94 ##6 ##6 may allow authenticated user to potentially enable escalation of privilege via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper access control in the installer for some Intel ( R ) Iris ( R ) X ##e MAX De ##dicated Graphics Drivers for Windows 10 before version 27 . 20 . 100 . 94 ##6 ##6 may allow authenticated user to potentially enable escalation of privilege via local access . [SEP]
LIME (words)
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Improper access control in the installer for some Intel( R) Iris( R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27. 20. 100. 9466 may allow authenticated user to potentially enable escalation of privilege via local access
#13 · cve_id CVE-2022-3878 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
IG (subwords)
▁A ▁vulnerability cla ssi fi ed ▁as ▁critical ▁has ▁been ▁found ▁in ▁Max on ERP . ▁This ▁affects ▁an ▁unknown ▁part ▁of ▁the ▁file / index . php / purchase _ order / browse ▁_ data . ▁The ▁manipulation ▁of ▁the ▁argument t b _ search ▁leads ▁to sql inject ion . ▁It ▁is ▁po ssi ble ▁to init iate ▁the ▁attack ▁remotely . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁The ▁associated identifier ▁of ▁this ▁vulnerability ▁is ▁V DB - 21 30 39 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039.
SHAP (words)
A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file / index. php/ purchase_order/ browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 213039
lrp-bert · Pred=NONE (0) · p=0.97 TP
IG (subwords)
[CLS] A vulnerability c ##la ssi fi ##ed as critical has been found in Max ##on ERP . This affects an unknown part of the file / index . php / purchase _ order / browse _ data . The man ip ul ##ation of the argument t ##b _ search leads to sql inject ion . It is p ##o ssi b ##le to init i ##ate the attack remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 213 ##0 ##39 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability c ##la ssi fi ##ed as critical has been found in Max ##on ERP . This affects an unknown part of the file / index . php / purchase _ order / browse _ data . The man ip ul ##ation of the argument t ##b _ search leads to sql inject ion . It is p ##o ssi b ##le to init i ##ate the attack remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 213 ##0 ##39 . [SEP]
LIME (words)
A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039.
SHAP (words)
A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file / index. php/ purchase_order/ browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 213039
lrp-distilbert · Pred=NONE (0) · p=0.97 TP
IG (subwords)
[CLS] A vulnerability c ##la ssi fi ##ed as critical has been found in Max ##on ERP . This affects an unknown part of the file / index . php / purchase _ order / browse _ data . The man ip ul ##ation of the argument t ##b _ search leads to sql inject ion . It is p ##o ssi b ##le to init i ##ate the attack remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 213 ##0 ##39 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability c ##la ssi fi ##ed as critical has been found in Max ##on ERP . This affects an unknown part of the file / index . php / purchase _ order / browse _ data . The man ip ul ##ation of the argument t ##b _ search leads to sql inject ion . It is p ##o ssi b ##le to init i ##ate the attack remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 213 ##0 ##39 . [SEP]
LIME (words)
A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039.
SHAP (words)
A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file / index. php/ purchase_order/ browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 213039
#14 · cve_id CVE-2021-20083 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
IG (subwords)
Improperly Controlled Modification ▁of Object Prototype Attributes ( ' Prototype Pollution ' ) ▁in j query - plugin - query - object ▁2 . 2 . 3 ▁allows ▁a malicious ▁user ▁to inject ▁properties ▁into Object . pro to type . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
SHAP (words)
Improperly Controlled Modification of Object Prototype Attributes (' Prototype Pollution') in jquery- plugin- query- object 2. 2. 3 allows a malicious user to inject properties into Object. prototype
lrp-bert · Pred=LOW (1) · p=0.98 TP
IG (subwords)
[CLS] Improperly Controlled Modification of Object Prototype Attributes ( ' Prototype Pollution ' ) in j query - plugin - query - object 2 . 2 . 3 allows a malicious user to inject properties int o Object . prototype . [SEP]
LRP (+Pred, pos-only)
[CLS] Improperly Controlled Modification of Object Prototype Attributes ( ' Prototype Pollution ' ) in j query - plugin - query - object 2 . 2 . 3 allows a malicious user to inject properties int o Object . prototype . [SEP]
LIME (words)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
SHAP (words)
Improperly Controlled Modification of Object Prototype Attributes (' Prototype Pollution') in jquery- plugin- query- object 2. 2. 3 allows a malicious user to inject properties into Object. prototype
lrp-distilbert · Pred=LOW (1) · p=0.99 TP
IG (subwords)
[CLS] Improperly Controlled Modification of Object Prototype Attributes ( ' Prototype Pollution ' ) in j query - plugin - query - object 2 . 2 . 3 allows a malicious user to inject properties int o Object . prototype . [SEP]
LRP (+Pred, pos-only)
[CLS] Improperly Controlled Modification of Object Prototype Attributes ( ' Prototype Pollution ' ) in j query - plugin - query - object 2 . 2 . 3 allows a malicious user to inject properties int o Object . prototype . [SEP]
LIME (words)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
SHAP (words)
Improperly Controlled Modification of Object Prototype Attributes (' Prototype Pollution') in jquery- plugin- query- object 2. 2. 3 allows a malicious user to inject properties into Object. prototype
#15 · cve_id CVE-2022-30689 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.97 TP
IG (subwords)
HashiCorp Vault ▁and Vault ▁Enterprise ▁from ▁1 . 10 . 0 ▁to ▁1 . 10 . 2 ▁did ▁not ▁correctly configure ▁and ▁enforce MFA ▁on login ▁after ▁server restarts . ▁This ▁affects ▁the Login MFA ▁feature ▁introduced ▁in Vault ▁and Vault ▁Enterprise ▁1 . 10 . 0 ▁and ▁does ▁not ▁affect ▁the ▁separate ▁Enterprise MFA ▁feature ▁set . Fixed ▁in ▁1 . 10 . 3 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
SHAP (words)
HashiCorp Vault and Vault Enterprise from 1. 10. 0 to 1. 10. 2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1. 10. 0 and does not affect the separate Enterprise MFA feature set. Fixed in 1. 10. 3
lrp-bert · Pred=HIGH (2) · p=0.93 MIS
IG (subwords)
[CLS] HashiCorp Vault and Vault Enterprise from 1 . 10 . 0 to 1 . 10 . 2 did not correctly configure and enforce MFA on login after server restarts . This affects the Login MFA feature int rod ##uce ##d in Vault and Vault Enterprise 1 . 10 . 0 and does not affect the separate Enterprise MFA feature set . Fixed in 1 . 10 . 3 . [SEP]
LRP (+Pred, pos-only)
[CLS] HashiCorp Vault and Vault Enterprise from 1 . 10 . 0 to 1 . 10 . 2 did not correctly configure and enforce MFA on login after server restarts . This affects the Login MFA feature int rod ##uce ##d in Vault and Vault Enterprise 1 . 10 . 0 and does not affect the separate Enterprise MFA feature set . Fixed in 1 . 10 . 3 . [SEP]
LIME (words)
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
SHAP (words)
HashiCorp Vault and Vault Enterprise from 1. 10. 0 to 1. 10. 2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1. 10. 0 and does not affect the separate Enterprise MFA feature set. Fixed in 1. 10. 3
lrp-distilbert · Pred=NONE (0) · p=0.93 TP
IG (subwords)
[CLS] HashiCorp Vault and Vault Enterprise from 1 . 10 . 0 to 1 . 10 . 2 did not correctly configure and enforce MFA on login after server restarts . This affects the Login MFA feature int rod ##uce ##d in Vault and Vault Enterprise 1 . 10 . 0 and does not affect the separate Enterprise MFA feature set . Fixed in 1 . 10 . 3 . [SEP]
LRP (+Pred, pos-only)
[CLS] HashiCorp Vault and Vault Enterprise from 1 . 10 . 0 to 1 . 10 . 2 did not correctly configure and enforce MFA on login after server restarts . This affects the Login MFA feature int rod ##uce ##d in Vault and Vault Enterprise 1 . 10 . 0 and does not affect the separate Enterprise MFA feature set . Fixed in 1 . 10 . 3 . [SEP]
LIME (words)
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
SHAP (words)
HashiCorp Vault and Vault Enterprise from 1. 10. 0 to 1. 10. 2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1. 10. 0 and does not affect the separate Enterprise MFA feature set. Fixed in 1. 10. 3
#16 · cve_id CVE-2021-33351 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.94 TP
IG (subwords)
▁Cross ▁Site Scripting Vulnerability ▁in ▁Wy o mind ▁Help Desk Magento ▁2 ▁extension ▁v . 1 . 3 . 6 ▁and ▁before ▁and ▁fixed ▁in ▁v . 1 . 3 . 7 ▁allows ▁attackers ▁to e sc ▁al te ▁privileges ▁via ▁a ▁crafted ▁payload ▁in ▁the ▁ticket ▁message ▁field . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.
SHAP (words)
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v. 1. 3. 6 and before and fixed in v. 1. 3. 7 allows attackers to escalte privileges via a crafted payload in the ticket message field
lrp-bert · Pred=LOW (1) · p=0.96 TP
IG (subwords)
[CLS] Cross S ite Scripting Vulnerability in W ##yo ##mind Help Desk Magento 2 extension v . 1 . 3 . 6 and before and fixed in v . 1 . 3 . 7 allows attackers to e sc al ##te privileges via a crafted payload in the ticket message field . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting Vulnerability in W ##yo ##mind Help Desk Magento 2 extension v . 1 . 3 . 6 and before and fixed in v . 1 . 3 . 7 allows attackers to e sc al ##te privileges via a crafted payload in the ticket message field . [SEP]
LIME (words)
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.
SHAP (words)
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v. 1. 3. 6 and before and fixed in v. 1. 3. 7 allows attackers to escalte privileges via a crafted payload in the ticket message field
lrp-distilbert · Pred=LOW (1) · p=0.95 TP
IG (subwords)
[CLS] Cross S ite Scripting Vulnerability in W ##yo ##mind Help Desk Magento 2 extension v . 1 . 3 . 6 and before and fixed in v . 1 . 3 . 7 allows attackers to e sc al ##te privileges via a crafted payload in the ticket message field . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting Vulnerability in W ##yo ##mind Help Desk Magento 2 extension v . 1 . 3 . 6 and before and fixed in v . 1 . 3 . 7 allows attackers to e sc al ##te privileges via a crafted payload in the ticket message field . [SEP]
LIME (words)
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.
SHAP (words)
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v. 1. 3. 6 and before and fixed in v. 1. 3. 7 allows attackers to escalte privileges via a crafted payload in the ticket message field
#17 · cve_id CVE-2021-1965 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
IG (subwords)
Possible ▁buffer overflow ▁due ▁to ▁lack ▁of param eter ▁length ▁check ▁during ▁M BSS ▁ID sc ▁an IE parse ▁in Snapdragon ▁Auto Snapdragon Compute Snapdragon Connectivity Snapdragon ▁Mobile Snapdragon Wired ▁Infrastructure ▁and Networking <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired Infrastructure and Networking
SHAP (words)
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired Infrastructure and Networking
lrp-bert · Pred=NONE (0) · p=0.55 TP
IG (subwords)
[CLS] Possible buffer overflow due to lack of param et ##er length check d uri ng M BSS ID sc an IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired In ##fra struct u ##re and Networking [SEP]
LRP (+Pred, pos-only)
[CLS] Possible buffer overflow due to lack of param et ##er length check d uri ng M BSS ID sc an IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired In ##fra struct u ##re and Networking [SEP]
LIME (words)
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired Infrastructure and Networking
SHAP (words)
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired Infrastructure and Networking
lrp-distilbert · Pred=NONE (0) · p=0.87 TP
IG (subwords)
[CLS] Possible buffer overflow due to lack of param et ##er length check d uri ng M BSS ID sc an IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired In ##fra struct u ##re and Networking [SEP]
LRP (+Pred, pos-only)
[CLS] Possible buffer overflow due to lack of param et ##er length check d uri ng M BSS ID sc an IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired In ##fra struct u ##re and Networking [SEP]
LIME (words)
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired Infrastructure and Networking
SHAP (words)
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Mobile Snapdragon Wired Infrastructure and Networking
#18 · cve_id CVE-2022-31677 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.99 TP
IG (subwords)
▁An Insufficient ▁Se ssi ▁on ▁Ex piration ▁issue ▁was ▁di sc ▁over ed ▁in ▁the ▁Pin nip ed Supervisor ( before ▁v 0 . 19 . 0 ) . ▁A ▁user authenticating ▁to Kubernetes ▁clusters ▁via ▁the ▁Pin nip ed Supervisor ▁could ▁potentially ▁use ▁their ▁access ▁token ▁to ▁continue ▁their se ssi ▁on ▁beyond ▁what ▁proper ▁use ▁of ▁their refresh ▁token ▁might ▁allow . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
SHAP (words)
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor ( before v0. 19. 0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow
lrp-bert · Pred=LOW (1) · p=0.99 TP
IG (subwords)
[CLS] An Insufficient Se ssi on Ex ##piration issue was di sc over ##ed in the Pi ##nn ip ed Supervisor ( before v ##0 . 19 . 0 ) . A user authenticating to Kubernetes clusters via the Pi ##nn ip ed Supervisor could potentially use their access token to continue their se ssi on beyond what proper use of their refresh token might allow . [SEP]
LRP (+Pred, pos-only)
[CLS] An Insufficient Se ssi on Ex ##piration issue was di sc over ##ed in the Pi ##nn ip ed Supervisor ( before v ##0 . 19 . 0 ) . A user authenticating to Kubernetes clusters via the Pi ##nn ip ed Supervisor could potentially use their access token to continue their se ssi on beyond what proper use of their refresh token might allow . [SEP]
LIME (words)
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
SHAP (words)
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor ( before v0. 19. 0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow
lrp-distilbert · Pred=LOW (1) · p=0.98 TP
IG (subwords)
[CLS] An Insufficient Se ssi on Ex ##piration issue was di sc over ##ed in the Pi ##nn ip ed Supervisor ( before v ##0 . 19 . 0 ) . A user authenticating to Kubernetes clusters via the Pi ##nn ip ed Supervisor could potentially use their access token to continue their se ssi on beyond what proper use of their refresh token might allow . [SEP]
LRP (+Pred, pos-only)
[CLS] An Insufficient Se ssi on Ex ##piration issue was di sc over ##ed in the Pi ##nn ip ed Supervisor ( before v ##0 . 19 . 0 ) . A user authenticating to Kubernetes clusters via the Pi ##nn ip ed Supervisor could potentially use their access token to continue their se ssi on beyond what proper use of their refresh token might allow . [SEP]
LIME (words)
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
SHAP (words)
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor ( before v0. 19. 0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow
#19 · cve_id CVE-2022-25357 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.95 TP
IG (subwords)
Pexip ▁In f init y ▁27 . x ▁before ▁27 . 2 ▁has Improper ▁Access ▁Control . ▁An ▁attacker ▁can ▁sometimes ▁join ▁a ▁conference ( call ▁join ) ▁if ▁it ▁has ▁a ▁lock ▁but ▁not ▁a PIN . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
SHAP (words)
Pexip Infinity 27. x before 27. 2 has Improper Access Control. An attacker can sometimes join a conference ( call join) if it has a lock but not a PIN
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Pexip In ##f init y 27 . x before 27 . 2 has Improper Access Control . An attacker can sometimes join a conference ( call join ) if it has a lock but not a PIN . [SEP]
LRP (+Pred, pos-only)
[CLS] Pexip In ##f init y 27 . x before 27 . 2 has Improper Access Control . An attacker can sometimes join a conference ( call join ) if it has a lock but not a PIN . [SEP]
LIME (words)
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
SHAP (words)
Pexip Infinity 27. x before 27. 2 has Improper Access Control. An attacker can sometimes join a conference ( call join) if it has a lock but not a PIN
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Pexip In ##f init y 27 . x before 27 . 2 has Improper Access Control . An attacker can sometimes join a conference ( call join ) if it has a lock but not a PIN . [SEP]
LRP (+Pred, pos-only)
[CLS] Pexip In ##f init y 27 . x before 27 . 2 has Improper Access Control . An attacker can sometimes join a conference ( call join ) if it has a lock but not a PIN . [SEP]
LIME (words)
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
SHAP (words)
Pexip Infinity 27. x before 27. 2 has Improper Access Control. An attacker can sometimes join a conference ( call join) if it has a lock but not a PIN
#20 · cve_id CVE-2020-29508 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
IG (subwords)
▁Dell BSAFE Crypto-C ▁Micro ▁Edition ▁versions ▁before ▁4 . 1 . 5 ▁and ▁Dell BSAFE ▁Micro ▁Edition ▁Suite ▁versions ▁before ▁4 . 6 ▁contain ▁an Improper Input Validation Vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Dell BSAFE Crypto-C Micro Edition versions before 4.1.5 and Dell BSAFE Micro Edition Suite versions before 4.6 contain an Improper Input Validation Vulnerability.
SHAP (words)
Dell BSAFE Crypto- C Micro Edition versions before 4. 1. 5 and Dell BSAFE Micro Edition Suite versions before 4. 6 contain an Improper Input Validation Vulnerability
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Dell BSAFE Crypto-C Micro Edition versions before 4 . 1 . 5 and Dell BSAFE Micro Edition Su ite versions before 4 . 6 contain an Improper Input Validation Vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] Dell BSAFE Crypto-C Micro Edition versions before 4 . 1 . 5 and Dell BSAFE Micro Edition Su ite versions before 4 . 6 contain an Improper Input Validation Vulnerability . [SEP]
LIME (words)
Dell BSAFE Crypto-C Micro Edition versions before 4.1.5 and Dell BSAFE Micro Edition Suite versions before 4.6 contain an Improper Input Validation Vulnerability.
SHAP (words)
Dell BSAFE Crypto- C Micro Edition versions before 4. 1. 5 and Dell BSAFE Micro Edition Suite versions before 4. 6 contain an Improper Input Validation Vulnerability
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Dell BSAFE Crypto-C Micro Edition versions before 4 . 1 . 5 and Dell BSAFE Micro Edition Su ite versions before 4 . 6 contain an Improper Input Validation Vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] Dell BSAFE Crypto-C Micro Edition versions before 4 . 1 . 5 and Dell BSAFE Micro Edition Su ite versions before 4 . 6 contain an Improper Input Validation Vulnerability . [SEP]
LIME (words)
Dell BSAFE Crypto-C Micro Edition versions before 4.1.5 and Dell BSAFE Micro Edition Suite versions before 4.6 contain an Improper Input Validation Vulnerability.
SHAP (words)
Dell BSAFE Crypto- C Micro Edition versions before 4. 1. 5 and Dell BSAFE Micro Edition Suite versions before 4. 6 contain an Improper Input Validation Vulnerability
#21 · cve_id CVE-2021-38290 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁host ▁header ▁attack ▁vulnerability ▁exists ▁in FUEL CMS ▁1 . 5 . 0 ▁through ▁fuel / mod ule s / fuel / config / fuel _ cons tant s . php ▁and ▁fuel / mod ule s / fuel / li bra ries / Asset . php . ▁An ▁attacker ▁can ▁use ▁a ▁man ▁in ▁the ▁middle ▁attack ▁such ▁as phishing . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
SHAP (words)
A host header attack vulnerability exists in FUEL CMS 1. 5. 0 through fuel/ modules/ fuel/ config/ fuel_constants. php and fuel/ modules/ fuel/ libraries/ Asset. php. An attacker can use a man in the middle attack such as phishing
lrp-bert · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A host header attack vulnerability exists in FUEL CMS 1 . 5 . 0 through fuel / mod ul ##es / fuel / config / fuel _ constant ##s . php and fuel / mod ul ##es / fuel / libraries / Asset . php . An attacker can use a man in the middle attack such as phishing . [SEP]
LRP (+Pred, pos-only)
[CLS] A host header attack vulnerability exists in FUEL CMS 1 . 5 . 0 through fuel / mod ul ##es / fuel / config / fuel _ constant ##s . php and fuel / mod ul ##es / fuel / libraries / Asset . php . An attacker can use a man in the middle attack such as phishing . [SEP]
LIME (words)
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
SHAP (words)
A host header attack vulnerability exists in FUEL CMS 1. 5. 0 through fuel/ modules/ fuel/ config/ fuel_constants. php and fuel/ modules/ fuel/ libraries/ Asset. php. An attacker can use a man in the middle attack such as phishing
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A host header attack vulnerability exists in FUEL CMS 1 . 5 . 0 through fuel / mod ul ##es / fuel / config / fuel _ constant ##s . php and fuel / mod ul ##es / fuel / libraries / Asset . php . An attacker can use a man in the middle attack such as phishing . [SEP]
LRP (+Pred, pos-only)
[CLS] A host header attack vulnerability exists in FUEL CMS 1 . 5 . 0 through fuel / mod ul ##es / fuel / config / fuel _ constant ##s . php and fuel / mod ul ##es / fuel / libraries / Asset . php . An attacker can use a man in the middle attack such as phishing . [SEP]
LIME (words)
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
SHAP (words)
A host header attack vulnerability exists in FUEL CMS 1. 5. 0 through fuel/ modules/ fuel/ config/ fuel_constants. php and fuel/ modules/ fuel/ libraries/ Asset. php. An attacker can use a man in the middle attack such as phishing
#22 · cve_id CVE-2022-43014 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Open CAT S ▁v 0 . 9 . 6 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁reflected cross-site scripting ( XSS ) ▁vulnerability ▁via ▁the ▁job order ID param eter . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
SHAP (words)
OpenCATS v0. 9. 6 was discovered to contain a reflected cross- site scripting ( XSS) vulnerability via the joborderID parameter
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Open ##CA ##TS v ##0 . 9 . 6 was di sc over ##ed to contain a reflected cross-site scripting ( XSS ) vulnerability via the job ##ord ##er ##ID param et ##er . [SEP]
LRP (+Pred, pos-only)
[CLS] Open ##CA ##TS v ##0 . 9 . 6 was di sc over ##ed to contain a reflected cross-site scripting ( XSS ) vulnerability via the job ##ord ##er ##ID param et ##er . [SEP]
LIME (words)
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
SHAP (words)
OpenCATS v0. 9. 6 was discovered to contain a reflected cross- site scripting ( XSS) vulnerability via the joborderID parameter
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Open ##CA ##TS v ##0 . 9 . 6 was di sc over ##ed to contain a reflected cross-site scripting ( XSS ) vulnerability via the job ##ord ##er ##ID param et ##er . [SEP]
LRP (+Pred, pos-only)
[CLS] Open ##CA ##TS v ##0 . 9 . 6 was di sc over ##ed to contain a reflected cross-site scripting ( XSS ) vulnerability via the job ##ord ##er ##ID param et ##er . [SEP]
LIME (words)
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
SHAP (words)
OpenCATS v0. 9. 6 was discovered to contain a reflected cross- site scripting ( XSS) vulnerability via the joborderID parameter
#23 · cve_id CVE-2023-37224 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁in ▁Archer Plat ▁form ▁before ▁v . 6 . 13 ▁fixed ▁in ▁v . 6 . 12 . 0 . 6 ▁and ▁v . 6 . 13 . 0 ▁allows ▁an authenticated ▁attacker ▁to ▁obtain ▁sensitive ▁in for matio n ▁via ▁the ▁log ▁files . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.
SHAP (words)
An issue in Archer Platform before v. 6. 13 fixed in v. 6. 12. 0. 6 and v. 6. 13. 0 allows an authenticated attacker to obtain sensitive information via the log files
lrp-bert · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue in Archer Plat form before v . 6 . 13 fixed in v . 6 . 12 . 0 . 6 and v . 6 . 13 . 0 allows an authenticated attacker to obtain sensitive info ##r matio n via the log files . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue in Archer Plat form before v . 6 . 13 fixed in v . 6 . 12 . 0 . 6 and v . 6 . 13 . 0 allows an authenticated attacker to obtain sensitive info ##r matio n via the log files . [SEP]
LIME (words)
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.
SHAP (words)
An issue in Archer Platform before v. 6. 13 fixed in v. 6. 12. 0. 6 and v. 6. 13. 0 allows an authenticated attacker to obtain sensitive information via the log files
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue in Archer Plat form before v . 6 . 13 fixed in v . 6 . 12 . 0 . 6 and v . 6 . 13 . 0 allows an authenticated attacker to obtain sensitive info ##r matio n via the log files . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue in Archer Plat form before v . 6 . 13 fixed in v . 6 . 12 . 0 . 6 and v . 6 . 13 . 0 allows an authenticated attacker to obtain sensitive info ##r matio n via the log files . [SEP]
LIME (words)
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.
SHAP (words)
An issue in Archer Platform before v. 6. 13 fixed in v. 6. 12. 0. 6 and v. 6. 13. 0 allows an authenticated attacker to obtain sensitive information via the log files
#24 · cve_id CVE-2022-27528 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A maliciously ▁crafted DW FX ▁and S KP ▁files ▁in Autodesk ▁Na vis works ▁20 22 ▁can ▁be ▁used ▁to ▁trigger use-after-free ▁vulnerability . Exploitation ▁of ▁this ▁vulnerability ▁may ▁lead ▁to ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
SHAP (words)
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use- after- free vulnerability. Exploitation of this vulnerability may lead to code execution
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A maliciously crafted D ##W ##F ##X and SK ##P files in Autodesk Na ##vis ##works 202 ##2 can be used to trigger use-after-free vulnerability . Exploitation of this vulnerability may lead to code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] A maliciously crafted D ##W ##F ##X and SK ##P files in Autodesk Na ##vis ##works 202 ##2 can be used to trigger use-after-free vulnerability . Exploitation of this vulnerability may lead to code exec u ##tion . [SEP]
LIME (words)
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
SHAP (words)
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use- after- free vulnerability. Exploitation of this vulnerability may lead to code execution
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A maliciously crafted D ##W ##F ##X and SK ##P files in Autodesk Na ##vis ##works 202 ##2 can be used to trigger use-after-free vulnerability . Exploitation of this vulnerability may lead to code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] A maliciously crafted D ##W ##F ##X and SK ##P files in Autodesk Na ##vis ##works 202 ##2 can be used to trigger use-after-free vulnerability . Exploitation of this vulnerability may lead to code exec u ##tion . [SEP]
LIME (words)
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
SHAP (words)
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use- after- free vulnerability. Exploitation of this vulnerability may lead to code execution
#25 · cve_id CVE-2020-10388 · pr
GT=LOW (1)
xlnet · Pred=HIGH (2) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁way ▁the Referer ▁header ▁in ▁article . php ▁is ▁handled ▁in Chadha PHPKB ▁Standard Multi-Language ▁9 ▁allows ▁attackers ▁to ▁execute Stored ( B lin d ) XSS ( injecting ▁arbitrary ▁web sc ▁rip t ▁or HTML ) ▁in admin / report - referrer s . php ( vul ner able ▁file admin / include / function s - article s . php ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).
SHAP (words)
The way the Referer header in article. php is handled in Chadha PHPKB Standard Multi- Language 9 allows attackers to execute Stored ( Blind) XSS ( injecting arbitrary web script or HTML) in admin/ report- referrers. php ( vulnerable file admin/ include/ functions- articles. php
lrp-bert · Pred=HIGH (2) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The way the Referer header in article . php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to exec u ##te Stored ( Blind ) XSS ( injecting arbitrary web sc r ip t or HTML ) in admin / report - referrer s . php ( vulnerable file admin / include / functions - articles . php ) . [SEP]
LRP (+Pred, pos-only)
[CLS] The way the Referer header in article . php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to exec u ##te Stored ( Blind ) XSS ( injecting arbitrary web sc r ip t or HTML ) in admin / report - referrer s . php ( vulnerable file admin / include / functions - articles . php ) . [SEP]
LIME (words)
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).
SHAP (words)
The way the Referer header in article. php is handled in Chadha PHPKB Standard Multi- Language 9 allows attackers to execute Stored ( Blind) XSS ( injecting arbitrary web script or HTML) in admin/ report- referrers. php ( vulnerable file admin/ include/ functions- articles. php
lrp-distilbert · Pred=LOW (1) · p=0.61 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The way the Referer header in article . php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to exec u ##te Stored ( Blind ) XSS ( injecting arbitrary web sc r ip t or HTML ) in admin / report - referrer s . php ( vulnerable file admin / include / functions - articles . php ) . [SEP]
LRP (+Pred, pos-only)
[CLS] The way the Referer header in article . php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to exec u ##te Stored ( Blind ) XSS ( injecting arbitrary web sc r ip t or HTML ) in admin / report - referrer s . php ( vulnerable file admin / include / functions - articles . php ) . [SEP]
LIME (words)
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).
SHAP (words)
The way the Referer header in article. php is handled in Chadha PHPKB Standard Multi- Language 9 allows attackers to execute Stored ( Blind) XSS ( injecting arbitrary web script or HTML) in admin/ report- referrers. php ( vulnerable file admin/ include/ functions- articles. php
#26 · cve_id CVE-2022-21964 · pr
GT=LOW (1)
xlnet · Pred=NONE (0) · p=0.75 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Remote Desktop Licensing ▁Di agno ser ▁In for matio n Disclosure Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
SHAP (words)
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
lrp-bert · Pred=NONE (0) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Remote Desktop Licensing Di ##ag ##nose ##r In ##fo ##r matio n Disclosure Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Remote Desktop Licensing Di ##ag ##nose ##r In ##fo ##r matio n Disclosure Vulnerability [SEP]
LIME (words)
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
SHAP (words)
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
lrp-distilbert · Pred=NONE (0) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Remote Desktop Licensing Di ##ag ##nose ##r In ##fo ##r matio n Disclosure Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Remote Desktop Licensing Di ##ag ##nose ##r In ##fo ##r matio n Disclosure Vulnerability [SEP]
LIME (words)
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
SHAP (words)
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
#27 · cve_id CVE-2019-2905 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the ▁Oracle ▁Business ▁Intelligence ▁Enterprise ▁Edition ▁product ▁of ▁Oracle ▁Fusion Middleware ( com ponent : Installation ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁12 . 2 . 1 . 3 . 0 ▁and ▁12 . 2 . 1 . 4 . 0 . Easily exploitable ▁vulnerability ▁allows unauthenticated ▁attacker ▁with ▁network ▁access ▁via HTTP ▁to ▁compromise ▁Oracle ▁Business ▁Intelligence ▁Enterprise ▁Edition . ▁While ▁the ▁vulnerability ▁is ▁in ▁Oracle ▁Business ▁Intelligence ▁Enterprise ▁Edition ▁attacks ▁may ▁significantly ▁impact ▁additional ▁products . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁access ▁to ▁critical ▁data ▁or ▁complete ▁access ▁to ▁all ▁Oracle ▁Business ▁Intelligence ▁Enterprise ▁Edition acce ssi ble ▁data . CVSS ▁3 . 0 ▁Base ▁Score ▁8 . 6 ( Con fid ential ity ▁impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : N / UI : N / S : C / C : H / I : N / A : N ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
SHAP (words)
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware ( component: Installation). Supported versions that are affected are 12. 2. 1. 3. 0 and 12. 2. 1. 4. 0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3. 0 Base Score 8. 6 ( Confidentiality impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: L/ PR: N/ UI: N/ S: C/ C: H/ I: N/ A: N
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware ( component : Installation ) . Supported versions that are affected are 12 . 2 . 1 . 3 . 0 and 12 . 2 . 1 . 4 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition . While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition a ##cc ##e ssi b ##le data . CVSS 3 . 0 Base Score 8 . 6 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : N / UI : N / S : C / C : H / I : N / A : N ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware ( component : Installation ) . Supported versions that are affected are 12 . 2 . 1 . 3 . 0 and 12 . 2 . 1 . 4 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition . While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition a ##cc ##e ssi b ##le data . CVSS 3 . 0 Base Score 8 . 6 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : N / UI : N / S : C / C : H / I : N / A : N ) . [SEP]
LIME (words)
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
SHAP (words)
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware ( component: Installation). Supported versions that are affected are 12. 2. 1. 3. 0 and 12. 2. 1. 4. 0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3. 0 Base Score 8. 6 ( Confidentiality impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: L/ PR: N/ UI: N/ S: C/ C: H/ I: N/ A: N
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware ( component : Installation ) . Supported versions that are affected are 12 . 2 . 1 . 3 . 0 and 12 . 2 . 1 . 4 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition . While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition a ##cc ##e ssi b ##le data . CVSS 3 . 0 Base Score 8 . 6 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : N / UI : N / S : C / C : H / I : N / A : N ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware ( component : Installation ) . Supported versions that are affected are 12 . 2 . 1 . 3 . 0 and 12 . 2 . 1 . 4 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition . While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition a ##cc ##e ssi b ##le data . CVSS 3 . 0 Base Score 8 . 6 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : N / UI : N / S : C / C : H / I : N / A : N ) . [SEP]
LIME (words)
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
SHAP (words)
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware ( component: Installation). Supported versions that are affected are 12. 2. 1. 3. 0 and 12. 2. 1. 4. 0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3. 0 Base Score 8. 6 ( Confidentiality impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: L/ PR: N/ UI: N/ S: C/ C: H/ I: N/ A: N
#28 · cve_id CVE-2021-40670 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
SQL Injection ▁vulnerability ▁exists ▁in ▁Wu zhi CMS ▁4 . 1 . 0 ▁via ▁the keywords i param eter ▁under ▁the / core frame / app / order / admin / card . php ▁file . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
SHAP (words)
SQL Injection vulnerability exists in Wuzhi CMS 4. 1. 0 via the keywords iparameter under the / coreframe/ app/ order/ admin/ card. php file
lrp-bert · Pred=NONE (0) · p=0.96 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] SQL Injection vulnerability exists in Wu ##zhi CMS 4 . 1 . 0 via the keywords ip a ##ram ##eter under the / core ##frame / app / order / admin / card . php file . [SEP]
LRP (+Pred, pos-only)
[CLS] SQL Injection vulnerability exists in Wu ##zhi CMS 4 . 1 . 0 via the keywords ip a ##ram ##eter under the / core ##frame / app / order / admin / card . php file . [SEP]
LIME (words)
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
SHAP (words)
SQL Injection vulnerability exists in Wuzhi CMS 4. 1. 0 via the keywords iparameter under the / coreframe/ app/ order/ admin/ card. php file
lrp-distilbert · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] SQL Injection vulnerability exists in Wu ##zhi CMS 4 . 1 . 0 via the keywords ip a ##ram ##eter under the / core ##frame / app / order / admin / card . php file . [SEP]
LRP (+Pred, pos-only)
[CLS] SQL Injection vulnerability exists in Wu ##zhi CMS 4 . 1 . 0 via the keywords ip a ##ram ##eter under the / core ##frame / app / order / admin / card . php file . [SEP]
LIME (words)
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
SHAP (words)
SQL Injection vulnerability exists in Wuzhi CMS 4. 1. 0 via the keywords iparameter under the / coreframe/ app/ order/ admin/ card. php file
#29 · cve_id CVE-2023-36718 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.86 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Microsoft ▁Virtual Trusted Plat ▁form Module Remote ▁Code Execution Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
SHAP (words)
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
lrp-bert · Pred=LOW (1) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Virtual Trusted Plat form Module Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Virtual Trusted Plat form Module Remote Code Execution Vulnerability [SEP]
LIME (words)
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
SHAP (words)
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
lrp-distilbert · Pred=NONE (0) · p=0.88 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Virtual Trusted Plat form Module Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Virtual Trusted Plat form Module Remote Code Execution Vulnerability [SEP]
LIME (words)
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
SHAP (words)
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
#30 · cve_id CVE-2021-27062 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
HEVC ▁Video Extensions Remote ▁Code Execution Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
HEVC Video Extensions Remote Code Execution Vulnerability
SHAP (words)
HEVC Video Extensions Remote Code Execution Vulnerability
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] HEVC Video Extensions Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] HEVC Video Extensions Remote Code Execution Vulnerability [SEP]
LIME (words)
HEVC Video Extensions Remote Code Execution Vulnerability
SHAP (words)
HEVC Video Extensions Remote Code Execution Vulnerability
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] HEVC Video Extensions Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] HEVC Video Extensions Remote Code Execution Vulnerability [SEP]
LIME (words)
HEVC Video Extensions Remote Code Execution Vulnerability
SHAP (words)
HEVC Video Extensions Remote Code Execution Vulnerability
#31 · cve_id CVE-2021-30130 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
php sec lib ▁before ▁2 . 0 . 31 ▁and ▁3 . x ▁before ▁3 . 0 . 7 mishandles RSA PKCS ▁#1 ▁v 1 . 5 ▁signature verification . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
SHAP (words)
phpseclib before 2. 0. 31 and 3. x before 3. 0. 7 mishandles RSA PKCS# 1 v1. 5 signature verification
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] php se cli b before 2 . 0 . 31 and 3 . x before 3 . 0 . 7 mishandles RSA PKCS # 1 v ##1 . 5 signature verification . [SEP]
LRP (+Pred, pos-only)
[CLS] php se cli b before 2 . 0 . 31 and 3 . x before 3 . 0 . 7 mishandles RSA PKCS # 1 v ##1 . 5 signature verification . [SEP]
LIME (words)
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
SHAP (words)
phpseclib before 2. 0. 31 and 3. x before 3. 0. 7 mishandles RSA PKCS# 1 v1. 5 signature verification
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] php se cli b before 2 . 0 . 31 and 3 . x before 3 . 0 . 7 mishandles RSA PKCS # 1 v ##1 . 5 signature verification . [SEP]
LRP (+Pred, pos-only)
[CLS] php se cli b before 2 . 0 . 31 and 3 . x before 3 . 0 . 7 mishandles RSA PKCS # 1 v ##1 . 5 signature verification . [SEP]
LIME (words)
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
SHAP (words)
phpseclib before 2. 0. 31 and 3. x before 3. 0. 7 mishandles RSA PKCS# 1 v1. 5 signature verification
#32 · cve_id CVE-2021-46311 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A NULL pointer dereference ▁vulnerability ▁exists ▁in GPAC ▁v 1 . 1 . 0 ▁via ▁the ▁function g f _ s g _ d est roy _ route s ( ) ▁at sc ene graph / v r ml _ route . c . ▁This ▁vulnerability ▁can ▁lead ▁to ▁a Denial ▁of ▁Service ( DoS ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).
SHAP (words)
A NULL pointer dereference vulnerability exists in GPAC v1. 1. 0 via the function gf_sg_destroy_routes () at scenegraph/ vrml_route. c. This vulnerability can lead to a Denial of Service ( DoS
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A NULL pointer dereference vulnerability exists in GPAC v ##1 . 1 . 0 via the function g ##f _ s ##g _ destroy _ routes ( ) at sc en ##eg ##rap ##h / v ##rm ##l _ route . c . This vulnerability can lead to a Denial of Service ( DoS ) . [SEP]
LRP (+Pred, pos-only)
[CLS] A NULL pointer dereference vulnerability exists in GPAC v ##1 . 1 . 0 via the function g ##f _ s ##g _ destroy _ routes ( ) at sc en ##eg ##rap ##h / v ##rm ##l _ route . c . This vulnerability can lead to a Denial of Service ( DoS ) . [SEP]
LIME (words)
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).
SHAP (words)
A NULL pointer dereference vulnerability exists in GPAC v1. 1. 0 via the function gf_sg_destroy_routes () at scenegraph/ vrml_route. c. This vulnerability can lead to a Denial of Service ( DoS
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A NULL pointer dereference vulnerability exists in GPAC v ##1 . 1 . 0 via the function g ##f _ s ##g _ destroy _ routes ( ) at sc en ##eg ##rap ##h / v ##rm ##l _ route . c . This vulnerability can lead to a Denial of Service ( DoS ) . [SEP]
LRP (+Pred, pos-only)
[CLS] A NULL pointer dereference vulnerability exists in GPAC v ##1 . 1 . 0 via the function g ##f _ s ##g _ destroy _ routes ( ) at sc en ##eg ##rap ##h / v ##rm ##l _ route . c . This vulnerability can lead to a Denial of Service ( DoS ) . [SEP]
LIME (words)
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).
SHAP (words)
A NULL pointer dereference vulnerability exists in GPAC v1. 1. 0 via the function gf_sg_destroy_routes () at scenegraph/ vrml_route. c. This vulnerability can lead to a Denial of Service ( DoS
#33 · cve_id CVE-2023-0415 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
iSCSI dissector ▁crash ▁in Wireshark ▁4 . 0 . 0 ▁to ▁4 . 0 . 2 ▁and ▁3 . 6 . 0 ▁to ▁3 . 6 . 10 ▁and ▁allows ▁denial ▁of ▁service ▁via ▁packet inject ion ▁or ▁crafted ▁c apt ure ▁file <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
SHAP (words)
iSCSI dissector crash in Wireshark 4. 0. 0 to 4. 0. 2 and 3. 6. 0 to 3. 6. 10 and allows denial of service via packet injection or crafted capture file
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] iSCSI dissector crash in Wireshark 4 . 0 . 0 to 4 . 0 . 2 and 3 . 6 . 0 to 3 . 6 . 10 and allows denial of service via packet inject ion or crafted c apt u ##re file [SEP]
LRP (+Pred, pos-only)
[CLS] iSCSI dissector crash in Wireshark 4 . 0 . 0 to 4 . 0 . 2 and 3 . 6 . 0 to 3 . 6 . 10 and allows denial of service via packet inject ion or crafted c apt u ##re file [SEP]
LIME (words)
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
SHAP (words)
iSCSI dissector crash in Wireshark 4. 0. 0 to 4. 0. 2 and 3. 6. 0 to 3. 6. 10 and allows denial of service via packet injection or crafted capture file
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] iSCSI dissector crash in Wireshark 4 . 0 . 0 to 4 . 0 . 2 and 3 . 6 . 0 to 3 . 6 . 10 and allows denial of service via packet inject ion or crafted c apt u ##re file [SEP]
LRP (+Pred, pos-only)
[CLS] iSCSI dissector crash in Wireshark 4 . 0 . 0 to 4 . 0 . 2 and 3 . 6 . 0 to 3 . 6 . 10 and allows denial of service via packet inject ion or crafted c apt u ##re file [SEP]
LIME (words)
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
SHAP (words)
iSCSI dissector crash in Wireshark 4. 0. 0 to 4. 0. 2 and 3. 6. 0 to 3. 6. 10 and allows denial of service via packet injection or crafted capture file
#34 · cve_id CVE-2022-39124 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁sensor ▁driver ▁there ▁is ▁a ▁po ssi ble ▁out ▁of ▁bound s ▁write ▁due ▁to ▁a ▁mi ssi ng ▁bound s ▁check . ▁This ▁could ▁lead ▁to ▁local ▁denial ▁of ▁service ▁in ▁kernel . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In sensor driver there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
SHAP (words)
In sensor driver there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In sensor driver there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local denial of service in kernel . [SEP]
LRP (+Pred, pos-only)
[CLS] In sensor driver there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local denial of service in kernel . [SEP]
LIME (words)
In sensor driver there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
SHAP (words)
In sensor driver there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In sensor driver there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local denial of service in kernel . [SEP]
LRP (+Pred, pos-only)
[CLS] In sensor driver there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local denial of service in kernel . [SEP]
LIME (words)
In sensor driver there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
SHAP (words)
In sensor driver there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel
#35 · cve_id CVE-2020-0330 · pr
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In io rap ▁there ▁is ▁a ▁po ssi ble ▁memory ▁corruption ▁due ▁to ▁a ▁use ▁after ▁free . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁and ▁code ▁execution ▁with ▁System ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . Pro duct : ▁Android Versions : ▁Android - 11 And roid ▁ID : ▁A - 150 33 10 85 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In iorap there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085
SHAP (words)
In iorap there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11Android ID: A- 150331085
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In i ##ora ##p there is a p ##o ssi b ##le memory corruption due to a use after free . This could lead to local escalation of privilege and code exec u ##tion with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 150 ##33 ##10 ##8 ##5 [SEP]
LRP (+Pred, pos-only)
[CLS] In i ##ora ##p there is a p ##o ssi b ##le memory corruption due to a use after free . This could lead to local escalation of privilege and code exec u ##tion with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 150 ##33 ##10 ##8 ##5 [SEP]
LIME (words)
In iorap there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085
SHAP (words)
In iorap there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11Android ID: A- 150331085
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In i ##ora ##p there is a p ##o ssi b ##le memory corruption due to a use after free . This could lead to local escalation of privilege and code exec u ##tion with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 150 ##33 ##10 ##8 ##5 [SEP]
LRP (+Pred, pos-only)
[CLS] In i ##ora ##p there is a p ##o ssi b ##le memory corruption due to a use after free . This could lead to local escalation of privilege and code exec u ##tion with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 150 ##33 ##10 ##8 ##5 [SEP]
LIME (words)
In iorap there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085
SHAP (words)
In iorap there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11Android ID: A- 150331085
#36 · cve_id CVE-2020-2261 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Jenkins ▁Perfect o Plugin ▁1 . 17 ▁and ▁earlier executes ▁a ▁command ▁on ▁the ▁Jenkins ▁controller ▁allowing ▁attackers ▁with ▁Job / Config ure ▁per mi ssi ▁on ▁to ▁run ▁arbitrary ▁commands ▁on ▁the ▁Jenkins ▁controller <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
SHAP (words)
Jenkins Perfecto Plugin 1. 17 and earlier executes a command on the Jenkins controller allowing attackers with Job/ Configure permission to run arbitrary commands on the Jenkins controller
lrp-bert · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Jenkins Perfect ##o Plugin 1 . 17 and earlier executes a command on the Jenkins controller allowing attackers with Job / Config u ##re per ##mi ssi on to run arbitrary commands on the Jenkins controller [SEP]
LRP (+Pred, pos-only)
[CLS] Jenkins Perfect ##o Plugin 1 . 17 and earlier executes a command on the Jenkins controller allowing attackers with Job / Config u ##re per ##mi ssi on to run arbitrary commands on the Jenkins controller [SEP]
LIME (words)
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
SHAP (words)
Jenkins Perfecto Plugin 1. 17 and earlier executes a command on the Jenkins controller allowing attackers with Job/ Configure permission to run arbitrary commands on the Jenkins controller
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Jenkins Perfect ##o Plugin 1 . 17 and earlier executes a command on the Jenkins controller allowing attackers with Job / Config u ##re per ##mi ssi on to run arbitrary commands on the Jenkins controller [SEP]
LRP (+Pred, pos-only)
[CLS] Jenkins Perfect ##o Plugin 1 . 17 and earlier executes a command on the Jenkins controller allowing attackers with Job / Config u ##re per ##mi ssi on to run arbitrary commands on the Jenkins controller [SEP]
LIME (words)
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
SHAP (words)
Jenkins Perfecto Plugin 1. 17 and earlier executes a command on the Jenkins controller allowing attackers with Job/ Configure permission to run arbitrary commands on the Jenkins controller
#37 · cve_id CVE-2021-27419 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
u C libc - ng ▁versions ▁prior ▁to ▁1 . 0 . 37 ▁are ▁vulnerable ▁to ▁integer ▁wrap - around ▁in ▁functions malloc - sim ple . ▁This improper ▁memory ▁a ssi g n ment ▁can ▁lead ▁to ▁arbitrary ▁memory ▁allocation ▁resulting ▁in ▁unexpected ▁behavior ▁such ▁as ▁a ▁crash ▁or ▁a ▁remote ▁code inject ion / exec ution . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code injection/execution.
SHAP (words)
uClibc- ng versions prior to 1. 0. 37 are vulnerable to integer wrap- around in functions malloc- simple. This improper memory assignment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code injection/ execution
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] u ##C libc - ng versions prior to 1 . 0 . 37 are vulnerable to int e ##ger wrap - around in functions malloc - simple . This improper memory a ssi g ##n ##ment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code inject ion / exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] u ##C libc - ng versions prior to 1 . 0 . 37 are vulnerable to int e ##ger wrap - around in functions malloc - simple . This improper memory a ssi g ##n ##ment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code inject ion / exec u ##tion . [SEP]
LIME (words)
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code injection/execution.
SHAP (words)
uClibc- ng versions prior to 1. 0. 37 are vulnerable to integer wrap- around in functions malloc- simple. This improper memory assignment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code injection/ execution
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] u ##C libc - ng versions prior to 1 . 0 . 37 are vulnerable to int e ##ger wrap - around in functions malloc - simple . This improper memory a ssi g ##n ##ment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code inject ion / exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] u ##C libc - ng versions prior to 1 . 0 . 37 are vulnerable to int e ##ger wrap - around in functions malloc - simple . This improper memory a ssi g ##n ##ment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code inject ion / exec u ##tion . [SEP]
LIME (words)
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code injection/execution.
SHAP (words)
uClibc- ng versions prior to 1. 0. 37 are vulnerable to integer wrap- around in functions malloc- simple. This improper memory assignment can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or a remote code injection/ execution
#38 · cve_id CVE-2017-20174 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁was ▁found ▁in bas tian all ge ier ▁Kirby ▁Web ment ions Plugin ▁and cla ssi fi ed ▁as ▁problematic . Affected ▁by ▁this ▁issue ▁is ▁some ▁unknown ▁functionality . ▁The ▁manipulation ▁leads ▁to inject ion . ▁The ▁attack ▁may ▁be ▁launched ▁remotely . ▁The ▁complexity ▁of ▁an ▁attack ▁is ▁rather ▁high . ▁The ▁exploitation ▁is ▁known ▁to ▁be diff ic ult . ▁The ▁patch ▁is ▁identified ▁as ▁55 bed ea 78 ae 9 af 9 16 a 9 a 4 14 97 b d 999 64 17 85 150 2 . ▁It ▁is ▁recommended ▁to ▁apply ▁a ▁patch ▁to ▁fix ▁this ▁issue . ▁V DB - 2 188 94 ▁is ▁the identifier ▁a ssi gne d ▁to ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB-218894 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB- 218894 is the identifier assigned to this vulnerability
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in b ##ast ##iana ##ll ##ge ##ier Kirby Web ##ment ##ions Plugin and c ##la ssi fi ##ed as problematic . Affected by this issue is some unknown functionality . The man ip ul ##ation leads to inject ion . The attack may be launched remotely . The complexity of an attack is rather high . The exploitation is known to be diff i ##cu ##lt . The patch is identified as 55 ##bed ##ea ##7 ##8 ##ae ##9 ##af ##9 ##16 ##a ##9 ##a ##41 ##4 ##9 ##7 ##b ##d ##9 ##9 ##9 ##64 ##17 ##8 ##51 ##50 ##2 . It is recommended to apply a patch to fix this issue . V ##D ##B - 218 ##8 ##9 ##4 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in b ##ast ##iana ##ll ##ge ##ier Kirby Web ##ment ##ions Plugin and c ##la ssi fi ##ed as problematic . Affected by this issue is some unknown functionality . The man ip ul ##ation leads to inject ion . The attack may be launched remotely . The complexity of an attack is rather high . The exploitation is known to be diff i ##cu ##lt . The patch is identified as 55 ##bed ##ea ##7 ##8 ##ae ##9 ##af ##9 ##16 ##a ##9 ##a ##41 ##4 ##9 ##7 ##b ##d ##9 ##9 ##9 ##64 ##17 ##8 ##51 ##50 ##2 . It is recommended to apply a patch to fix this issue . V ##D ##B - 218 ##8 ##9 ##4 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB-218894 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB- 218894 is the identifier assigned to this vulnerability
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in b ##ast ##iana ##ll ##ge ##ier Kirby Web ##ment ##ions Plugin and c ##la ssi fi ##ed as problematic . Affected by this issue is some unknown functionality . The man ip ul ##ation leads to inject ion . The attack may be launched remotely . The complexity of an attack is rather high . The exploitation is known to be diff i ##cu ##lt . The patch is identified as 55 ##bed ##ea ##7 ##8 ##ae ##9 ##af ##9 ##16 ##a ##9 ##a ##41 ##4 ##9 ##7 ##b ##d ##9 ##9 ##9 ##64 ##17 ##8 ##51 ##50 ##2 . It is recommended to apply a patch to fix this issue . V ##D ##B - 218 ##8 ##9 ##4 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in b ##ast ##iana ##ll ##ge ##ier Kirby Web ##ment ##ions Plugin and c ##la ssi fi ##ed as problematic . Affected by this issue is some unknown functionality . The man ip ul ##ation leads to inject ion . The attack may be launched remotely . The complexity of an attack is rather high . The exploitation is known to be diff i ##cu ##lt . The patch is identified as 55 ##bed ##ea ##7 ##8 ##ae ##9 ##af ##9 ##16 ##a ##9 ##a ##41 ##4 ##9 ##7 ##b ##d ##9 ##9 ##9 ##64 ##17 ##8 ##51 ##50 ##2 . It is recommended to apply a patch to fix this issue . V ##D ##B - 218 ##8 ##9 ##4 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB-218894 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB- 218894 is the identifier assigned to this vulnerability
#39 · cve_id CVE-2023-48505 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Adobe ▁Experience Manage r ▁versions ▁6 . 5 . 18 ▁and ▁earlier ▁are ▁affected ▁by ▁a ▁stored Cross-Site Scripting ( XSS ) ▁vulnerability ▁that ▁could ▁be ▁abused ▁by ▁a low-privileged ▁attacker ▁to inject malicious sc ▁rip t s ▁into ▁vulnerable ▁form ▁fields . Malicious JavaScript ▁may ▁be ▁executed ▁in ▁a victim’s browse r ▁when ▁they browse ▁to ▁the ▁page ▁containing ▁the ▁vulnerable ▁field . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
SHAP (words)
Adobe Experience Manager versions 6. 5. 18 and earlier are affected by a stored Cross- Site Scripting ( XSS) vulnerability that could be abused by a low- privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’ s browser when they browse to the page containing the vulnerable field
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe Experience Manage r versions 6 . 5 . 18 and earlier are affected by a stored Cross-Site Scripting ( XSS ) vulnerability that could be abused by a low-privileged attacker to inject malicious sc r ip t ##s int o vulnerable form fields . Malicious JavaScript may be exec u ##ted in a victim’s browse r when they browse to the page containing the vulnerable field . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe Experience Manage r versions 6 . 5 . 18 and earlier are affected by a stored Cross-Site Scripting ( XSS ) vulnerability that could be abused by a low-privileged attacker to inject malicious sc r ip t ##s int o vulnerable form fields . Malicious JavaScript may be exec u ##ted in a victim’s browse r when they browse to the page containing the vulnerable field . [SEP]
LIME (words)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
SHAP (words)
Adobe Experience Manager versions 6. 5. 18 and earlier are affected by a stored Cross- Site Scripting ( XSS) vulnerability that could be abused by a low- privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’ s browser when they browse to the page containing the vulnerable field
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe Experience Manage r versions 6 . 5 . 18 and earlier are affected by a stored Cross-Site Scripting ( XSS ) vulnerability that could be abused by a low-privileged attacker to inject malicious sc r ip t ##s int o vulnerable form fields . Malicious JavaScript may be exec u ##ted in a victim’s browse r when they browse to the page containing the vulnerable field . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe Experience Manage r versions 6 . 5 . 18 and earlier are affected by a stored Cross-Site Scripting ( XSS ) vulnerability that could be abused by a low-privileged attacker to inject malicious sc r ip t ##s int o vulnerable form fields . Malicious JavaScript may be exec u ##ted in a victim’s browse r when they browse to the page containing the vulnerable field . [SEP]
LIME (words)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
SHAP (words)
Adobe Experience Manager versions 6. 5. 18 and earlier are affected by a stored Cross- Site Scripting ( XSS) vulnerability that could be abused by a low- privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’ s browser when they browse to the page containing the vulnerable field
#40 · cve_id CVE-2021-21152 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Heap ▁buffer overflow ▁in ▁Media ▁in ▁Google Chrome ▁on ▁Linux ▁prior ▁to ▁88 . 0 . 43 24 . 18 2 ▁allowed ▁a ▁remote ▁attacker ▁to ▁potentially ▁exploit ▁heap ▁corruption ▁via ▁a ▁crafted HTML ▁page . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)
Heap buffer overflow in Media in Google Chrome on Linux prior to 88. 0. 4324. 182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Heap buffer overflow in Media in Google Chrome on Linux prior to 88 . 0 . 43 ##24 . 182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Heap buffer overflow in Media in Google Chrome on Linux prior to 88 . 0 . 43 ##24 . 182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LIME (words)
Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)
Heap buffer overflow in Media in Google Chrome on Linux prior to 88. 0. 4324. 182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Heap buffer overflow in Media in Google Chrome on Linux prior to 88 . 0 . 43 ##24 . 182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Heap buffer overflow in Media in Google Chrome on Linux prior to 88 . 0 . 43 ##24 . 182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LIME (words)
Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)
Heap buffer overflow in Media in Google Chrome on Linux prior to 88. 0. 4324. 182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
#41 · cve_id CVE-2023-2400 · pr
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Improper deletion ▁of ▁resource ▁in ▁the ▁user ▁man a gem ent ▁feature ▁in Devolutions ▁Server ▁20 23 . 1 . 8 ▁and ▁earlier ▁allows ▁an admin ▁is t rator ▁to ▁view ▁users ▁vault s ▁of delete d ▁users ▁via ▁database ▁access . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
SHAP (words)
Improper deletion of resource in the user management feature in Devolutions Server 2023. 1. 8 and earlier allows an administrator to view users vaults of deleted users via database access
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Improper deletion of resource in the user man ##a gem en ##t feature in Devolutions Server 202 ##3 . 1 . 8 and earlier allows an admin is ##tra ##tor to view users vault ##s of delete d users via da tab as ##e access . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper deletion of resource in the user man ##a gem en ##t feature in Devolutions Server 202 ##3 . 1 . 8 and earlier allows an admin is ##tra ##tor to view users vault ##s of delete d users via da tab as ##e access . [SEP]
LIME (words)
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
SHAP (words)
Improper deletion of resource in the user management feature in Devolutions Server 2023. 1. 8 and earlier allows an administrator to view users vaults of deleted users via database access
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Improper deletion of resource in the user man ##a gem en ##t feature in Devolutions Server 202 ##3 . 1 . 8 and earlier allows an admin is ##tra ##tor to view users vault ##s of delete d users via da tab as ##e access . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper deletion of resource in the user man ##a gem en ##t feature in Devolutions Server 202 ##3 . 1 . 8 and earlier allows an admin is ##tra ##tor to view users vault ##s of delete d users via da tab as ##e access . [SEP]
LIME (words)
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
SHAP (words)
Improper deletion of resource in the user management feature in Devolutions Server 2023. 1. 8 and earlier allows an administrator to view users vaults of deleted users via database access
#42 · cve_id CVE-2021-41959 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
JerryScript Git ▁version ▁14 ff 5 b f ▁does ▁not ▁sufficiently ▁track ▁and ▁release allocate d ▁memory ▁via j err y -c ▁or e / ec ma / operation s / ec ma - regex ▁p - object . c ▁after RegEx ▁p ▁which ▁causes ▁a ▁memory ▁leak . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp which causes a memory leak.
SHAP (words)
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry- core/ ecma/ operations/ ecma- regexp- object. c after RegExp which causes a memory leak
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] JerryScript Git version 14 ##ff ##5 ##b ##f does not sufficiently track and release allocate d memory via j err y -c ore / e ##c ##ma / operations / e ##c ##ma - regex p - object . c after RegEx p which causes a memory leak . [SEP]
LRP (+Pred, pos-only)
[CLS] JerryScript Git version 14 ##ff ##5 ##b ##f does not sufficiently track and release allocate d memory via j err y -c ore / e ##c ##ma / operations / e ##c ##ma - regex p - object . c after RegEx p which causes a memory leak . [SEP]
LIME (words)
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp which causes a memory leak.
SHAP (words)
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry- core/ ecma/ operations/ ecma- regexp- object. c after RegExp which causes a memory leak
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] JerryScript Git version 14 ##ff ##5 ##b ##f does not sufficiently track and release allocate d memory via j err y -c ore / e ##c ##ma / operations / e ##c ##ma - regex p - object . c after RegEx p which causes a memory leak . [SEP]
LRP (+Pred, pos-only)
[CLS] JerryScript Git version 14 ##ff ##5 ##b ##f does not sufficiently track and release allocate d memory via j err y -c ore / e ##c ##ma / operations / e ##c ##ma - regex p - object . c after RegEx p which causes a memory leak . [SEP]
LIME (words)
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp which causes a memory leak.
SHAP (words)
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry- core/ ecma/ operations/ ecma- regexp- object. c after RegExp which causes a memory leak
#43 · cve_id CVE-2021-28857 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
TP-Link ' s TL - WPA ▁42 20 ▁4 . 0 . 2 Build ▁2018 03 08 ▁R el . 3 70 64 username ▁and ▁password ▁are ▁sent ▁via ▁the ▁cookie . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.
SHAP (words)
TP- Link' s TL- WPA4220 4. 0. 2 Build 20180308 Rel. 37064 username and password are sent via the cookie
lrp-bert · Pred=NONE (0) · p=0.93 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TP-Link ' s T ##L - WPA 42 ##20 4 . 0 . 2 Build 2018 ##0 ##30 ##8 Re ##l . 370 ##64 username and password are sent via the cookie . [SEP]
LRP (+Pred, pos-only)
[CLS] TP-Link ' s T ##L - WPA 42 ##20 4 . 0 . 2 Build 2018 ##0 ##30 ##8 Re ##l . 370 ##64 username and password are sent via the cookie . [SEP]
LIME (words)
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.
SHAP (words)
TP- Link' s TL- WPA4220 4. 0. 2 Build 20180308 Rel. 37064 username and password are sent via the cookie
lrp-distilbert · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TP-Link ' s T ##L - WPA 42 ##20 4 . 0 . 2 Build 2018 ##0 ##30 ##8 Re ##l . 370 ##64 username and password are sent via the cookie . [SEP]
LRP (+Pred, pos-only)
[CLS] TP-Link ' s T ##L - WPA 42 ##20 4 . 0 . 2 Build 2018 ##0 ##30 ##8 Re ##l . 370 ##64 username and password are sent via the cookie . [SEP]
LIME (words)
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.
SHAP (words)
TP- Link' s TL- WPA4220 4. 0. 2 Build 20180308 Rel. 37064 username and password are sent via the cookie
#44 · cve_id CVE-2020-14542 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the ▁Oracle Solaris ▁product ▁of ▁Oracle ▁Systems ( com ponent : lib s uri ) . ▁The ▁supported ▁version ▁that ▁is ▁affected ▁is ▁11 . Easily exploitable ▁vulnerability ▁allows ▁low ▁privileged ▁attacker ▁with logon ▁to ▁the ▁infrastructure ▁where ▁Oracle Solaris executes ▁to ▁compromise ▁Oracle Solaris . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁read ▁access ▁to ▁a ▁subset ▁of ▁Oracle Solaris acce ssi ble ▁data . CVSS ▁3 . 1 ▁Base ▁Score ▁3 . 3 ( Con fid ential ity ▁impacts ) . CVSS Vector : ( CVSS : 3 . 1/ AV : L / AC : L / PR : L / UI : N / S : U / C : L / I : N / A : N ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
SHAP (words)
Vulnerability in the Oracle Solaris product of Oracle Systems ( component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3. 1 Base Score 3. 3 ( Confidentiality impacts). CVSS Vector: ( CVSS: 3. 1/ AV: L/ AC: L/ PR: L/ UI: N/ S: U/ C: L/ I: N/ A: N
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle Solaris product of Oracle Systems ( component : l ##ib ##s uri ) . The supported version that is affected is 11 . Easily exploitable vulnerability allows low privileged attacker with logon to the in ##fra struct u ##re where Oracle Solaris executes to compromise Oracle Solaris . Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 3 . 3 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : L / UI : N / S : U / C : L / I : N / A : N ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Solaris product of Oracle Systems ( component : l ##ib ##s uri ) . The supported version that is affected is 11 . Easily exploitable vulnerability allows low privileged attacker with logon to the in ##fra struct u ##re where Oracle Solaris executes to compromise Oracle Solaris . Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 3 . 3 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : L / UI : N / S : U / C : L / I : N / A : N ) . [SEP]
LIME (words)
Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
SHAP (words)
Vulnerability in the Oracle Solaris product of Oracle Systems ( component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3. 1 Base Score 3. 3 ( Confidentiality impacts). CVSS Vector: ( CVSS: 3. 1/ AV: L/ AC: L/ PR: L/ UI: N/ S: U/ C: L/ I: N/ A: N
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle Solaris product of Oracle Systems ( component : l ##ib ##s uri ) . The supported version that is affected is 11 . Easily exploitable vulnerability allows low privileged attacker with logon to the in ##fra struct u ##re where Oracle Solaris executes to compromise Oracle Solaris . Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 3 . 3 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : L / UI : N / S : U / C : L / I : N / A : N ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Solaris product of Oracle Systems ( component : l ##ib ##s uri ) . The supported version that is affected is 11 . Easily exploitable vulnerability allows low privileged attacker with logon to the in ##fra struct u ##re where Oracle Solaris executes to compromise Oracle Solaris . Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 3 . 3 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : L / UI : N / S : U / C : L / I : N / A : N ) . [SEP]
LIME (words)
Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
SHAP (words)
Vulnerability in the Oracle Solaris product of Oracle Systems ( component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3. 1 Base Score 3. 3 ( Confidentiality impacts). CVSS Vector: ( CVSS: 3. 1/ AV: L/ AC: L/ PR: L/ UI: N/ S: U/ C: L/ I: N/ A: N
#45 · cve_id CVE-2023-39275 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Multiple ▁integer overflow vulnerabilities ▁exist ▁in ▁the ▁L X T 2 ▁f ac ge ometry parsing ▁functionality ▁of GT K Wa ve ▁3 . 3 . 1 15 . ▁A spec i ally ▁crafted . l x t 2 ▁file ▁can ▁lead ▁to ▁arbitrary ▁code ▁execution . ▁A ▁victim ▁would ▁need ▁to ▁open ▁a malicious ▁file ▁to ▁trigger ▁these vulnerabilities . This ▁vulnerability ▁concerns ▁the ▁integer overflow ▁when allocating ▁the ▁` value ` ▁array . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `value` array.
SHAP (words)
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3. 3. 115. A specially crafted . lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the ` value` array
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mu ##lt ip le int e ##ger overflow vulnerabilities exist in the L ##XT ##2 f ##ac ##ge ##ome ##try parsing functionality of GT ##K ##W ##ave 3 . 3 . 115 . A spec i ##ally crafted . l ##x ##t ##2 file can lead to arbitrary code exec u ##tion . A victim would need to open a malicious file to trigger these vulnerabilities . This vulnerability concerns the int e ##ger overflow when allocating the ` value ` array . [SEP]
LRP (+Pred, pos-only)
[CLS] Mu ##lt ip le int e ##ger overflow vulnerabilities exist in the L ##XT ##2 f ##ac ##ge ##ome ##try parsing functionality of GT ##K ##W ##ave 3 . 3 . 115 . A spec i ##ally crafted . l ##x ##t ##2 file can lead to arbitrary code exec u ##tion . A victim would need to open a malicious file to trigger these vulnerabilities . This vulnerability concerns the int e ##ger overflow when allocating the ` value ` array . [SEP]
LIME (words)
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `value` array.
SHAP (words)
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3. 3. 115. A specially crafted . lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the ` value` array
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mu ##lt ip le int e ##ger overflow vulnerabilities exist in the L ##XT ##2 f ##ac ##ge ##ome ##try parsing functionality of GT ##K ##W ##ave 3 . 3 . 115 . A spec i ##ally crafted . l ##x ##t ##2 file can lead to arbitrary code exec u ##tion . A victim would need to open a malicious file to trigger these vulnerabilities . This vulnerability concerns the int e ##ger overflow when allocating the ` value ` array . [SEP]
LRP (+Pred, pos-only)
[CLS] Mu ##lt ip le int e ##ger overflow vulnerabilities exist in the L ##XT ##2 f ##ac ##ge ##ome ##try parsing functionality of GT ##K ##W ##ave 3 . 3 . 115 . A spec i ##ally crafted . l ##x ##t ##2 file can lead to arbitrary code exec u ##tion . A victim would need to open a malicious file to trigger these vulnerabilities . This vulnerability concerns the int e ##ger overflow when allocating the ` value ` array . [SEP]
LIME (words)
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `value` array.
SHAP (words)
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3. 3. 115. A specially crafted . lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the ` value` array
#46 · cve_id CVE-2021-25197 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.84 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Cross-site scripting ( XSS ) ▁vulnerability ▁in SourceCodester ▁Content Manage ment ▁System ▁v ▁1 . 0 ▁allows ▁remote ▁attackers ▁to inject ▁arbitrary ▁web sc ▁rip t ▁or HTML ▁via ▁the ▁search param eter ▁to ▁content _ man a gem ent _ system \ admin \ new _ content . php <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php
SHAP (words)
Cross- site scripting ( XSS) vulnerability in SourceCodester Content Management System v 1. 0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\ admin\ new_content. php
lrp-bert · Pred=NONE (0) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-site scripting ( XSS ) vulnerability in SourceCodester Content Manage men ##t System v 1 . 0 allows remote attackers to inject arbitrary web sc r ip t or HTML via the search param et ##er to content _ man ##a gem en ##t _ system \ admin \ new _ content . php [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-site scripting ( XSS ) vulnerability in SourceCodester Content Manage men ##t System v 1 . 0 allows remote attackers to inject arbitrary web sc r ip t or HTML via the search param et ##er to content _ man ##a gem en ##t _ system \ admin \ new _ content . php [SEP]
LIME (words)
Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php
SHAP (words)
Cross- site scripting ( XSS) vulnerability in SourceCodester Content Management System v 1. 0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\ admin\ new_content. php
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-site scripting ( XSS ) vulnerability in SourceCodester Content Manage men ##t System v 1 . 0 allows remote attackers to inject arbitrary web sc r ip t or HTML via the search param et ##er to content _ man ##a gem en ##t _ system \ admin \ new _ content . php [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-site scripting ( XSS ) vulnerability in SourceCodester Content Manage men ##t System v 1 . 0 allows remote attackers to inject arbitrary web sc r ip t or HTML via the search param et ##er to content _ man ##a gem en ##t _ system \ admin \ new _ content . php [SEP]
LIME (words)
Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php
SHAP (words)
Cross- site scripting ( XSS) vulnerability in SourceCodester Content Management System v 1. 0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\ admin\ new_content. php
#47 · cve_id CVE-2021-24932 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁Auto ▁Featured ▁Image ( Au to ▁Post ▁Thu mb na il ) WordPress plugin ▁before ▁3 . 9 . 3 ▁does ▁not sanitise ▁and e sc ▁a pe ▁the ▁post _ id param eter ▁before outputting ▁back ▁in ▁an admin ▁page ▁within ▁a JS ▁block ▁leading ▁to ▁a Reflected Cross-Site Scripting ▁issue . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block leading to a Reflected Cross-Site Scripting issue.
SHAP (words)
The Auto Featured Image ( Auto Post Thumbnail) WordPress plugin before 3. 9. 3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block leading to a Reflected Cross- Site Scripting issue
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Auto Featured Image ( Auto Post T ##hum ##b ##nail ) WordPress plugin before 3 . 9 . 3 does not sanitise and e sc a ##pe the post _ id param et ##er before outputting back in an admin page within a JS block leading to a Reflected Cross-Site Scripting issue . [SEP]
LRP (+Pred, pos-only)
[CLS] The Auto Featured Image ( Auto Post T ##hum ##b ##nail ) WordPress plugin before 3 . 9 . 3 does not sanitise and e sc a ##pe the post _ id param et ##er before outputting back in an admin page within a JS block leading to a Reflected Cross-Site Scripting issue . [SEP]
LIME (words)
The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block leading to a Reflected Cross-Site Scripting issue.
SHAP (words)
The Auto Featured Image ( Auto Post Thumbnail) WordPress plugin before 3. 9. 3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block leading to a Reflected Cross- Site Scripting issue
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Auto Featured Image ( Auto Post T ##hum ##b ##nail ) WordPress plugin before 3 . 9 . 3 does not sanitise and e sc a ##pe the post _ id param et ##er before outputting back in an admin page within a JS block leading to a Reflected Cross-Site Scripting issue . [SEP]
LRP (+Pred, pos-only)
[CLS] The Auto Featured Image ( Auto Post T ##hum ##b ##nail ) WordPress plugin before 3 . 9 . 3 does not sanitise and e sc a ##pe the post _ id param et ##er before outputting back in an admin page within a JS block leading to a Reflected Cross-Site Scripting issue . [SEP]
LIME (words)
The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block leading to a Reflected Cross-Site Scripting issue.
SHAP (words)
The Auto Featured Image ( Auto Post Thumbnail) WordPress plugin before 3. 9. 3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block leading to a Reflected Cross- Site Scripting issue
#48 · cve_id CVE-2022-3831 · pr
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The re CAPTCHA WordPress plugin ▁through ▁1 . 6 ▁does ▁not sanitise ▁and e sc ▁a pe ▁some ▁of ▁its ▁settings ▁which ▁could ▁allow ▁high ▁privilege ▁users ▁such ▁as admin ▁to ▁perform Stored Cross-Site Scripting ▁attacks ▁even ▁when ▁the unfiltered ▁_ html ▁capability ▁is disallowed ( for ▁example ▁in ▁multi site ▁setup ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
SHAP (words)
The reCAPTCHA WordPress plugin through 1. 6 does not sanitise and escape some of its settings which could allow high privilege users such as admin to perform Stored Cross- Site Scripting attacks even when the unfiltered_html capability is disallowed ( for example in multisite setup
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The re CAPTCHA WordPress plugin through 1 . 6 does not sanitise and e sc a ##pe some of its settings which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed ( for example in multi ##s ite setup ) . [SEP]
LRP (+Pred, pos-only)
[CLS] The re CAPTCHA WordPress plugin through 1 . 6 does not sanitise and e sc a ##pe some of its settings which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed ( for example in multi ##s ite setup ) . [SEP]
LIME (words)
The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
SHAP (words)
The reCAPTCHA WordPress plugin through 1. 6 does not sanitise and escape some of its settings which could allow high privilege users such as admin to perform Stored Cross- Site Scripting attacks even when the unfiltered_html capability is disallowed ( for example in multisite setup
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The re CAPTCHA WordPress plugin through 1 . 6 does not sanitise and e sc a ##pe some of its settings which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed ( for example in multi ##s ite setup ) . [SEP]
LRP (+Pred, pos-only)
[CLS] The re CAPTCHA WordPress plugin through 1 . 6 does not sanitise and e sc a ##pe some of its settings which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed ( for example in multi ##s ite setup ) . [SEP]
LIME (words)
The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
SHAP (words)
The reCAPTCHA WordPress plugin through 1. 6 does not sanitise and escape some of its settings which could allow high privilege users such as admin to perform Stored Cross- Site Scripting attacks even when the unfiltered_html capability is disallowed ( for example in multisite setup
#49 · cve_id CVE-2024-24266 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
g pac ▁v 2 . 2 . 1 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a Use-After-Free ( U AF ) ▁vulnerability ▁via ▁the ▁dash er _ configure ▁_ pid ▁function ▁at / src / fil ters / das her . c . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
SHAP (words)
gpac v2. 2. 1 was discovered to contain a Use- After- Free ( UAF) vulnerability via the dasher_configure_pid function at / src/ filters/ dasher. c
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] g ##pa ##c v ##2 . 2 . 1 was di sc over ##ed to contain a Use-After-Free ( UA F ) vulnerability via the dash ##er _ configure _ pid function at / src / filters / dash ##er . c . [SEP]
LRP (+Pred, pos-only)
[CLS] g ##pa ##c v ##2 . 2 . 1 was di sc over ##ed to contain a Use-After-Free ( UA F ) vulnerability via the dash ##er _ configure _ pid function at / src / filters / dash ##er . c . [SEP]
LIME (words)
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
SHAP (words)
gpac v2. 2. 1 was discovered to contain a Use- After- Free ( UAF) vulnerability via the dasher_configure_pid function at / src/ filters/ dasher. c
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] g ##pa ##c v ##2 . 2 . 1 was di sc over ##ed to contain a Use-After-Free ( UA F ) vulnerability via the dash ##er _ configure _ pid function at / src / filters / dash ##er . c . [SEP]
LRP (+Pred, pos-only)
[CLS] g ##pa ##c v ##2 . 2 . 1 was di sc over ##ed to contain a Use-After-Free ( UA F ) vulnerability via the dash ##er _ configure _ pid function at / src / filters / dash ##er . c . [SEP]
LIME (words)
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
SHAP (words)
gpac v2. 2. 1 was discovered to contain a Use- After- Free ( UAF) vulnerability via the dasher_configure_pid function at / src/ filters/ dasher. c
#50 · cve_id CVE-2022-28743 · pr
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Time-of-check Time-of-use ( TOCTOU ) ▁Race Condition vul er ability ▁in Foscam ▁R 2 C ▁IP ▁camera ▁running ▁System FW ▁< = ▁1 . 13 . 1 . 6 ▁and ▁Application FW ▁< = ▁2 . 91 . 2 . 66 ▁allows ▁an authenticated ▁remote ▁attacker ▁with admin ▁is t rator permissions ▁to ▁execute ▁arbitrary ▁remote ▁code ▁via ▁a malicious firmware ▁patch . ▁The ▁impact ▁of ▁this ▁vulnerability ▁is ▁that ▁the ▁remote ▁attacker ▁could ▁gain ▁full ▁remote ▁access ▁to ▁the ▁IP ▁camera ▁and ▁the ▁underlying ▁Linux ▁system ▁with ▁root permissions . ▁With ▁root ▁access ▁to ▁the ▁camera ' s ▁Linux ▁OS ▁an ▁attacker ▁could ▁effectively ▁change ▁the ▁code ▁that ▁is ▁running ▁add backdoor ▁access ▁or ▁invade ▁the ▁privacy ▁of ▁the ▁user ▁by accessing ▁the ▁live ▁camera ▁stream . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6 and Application FW <= 2.91.2.66 allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream.
SHAP (words)
Time- of- check Time- of- use ( TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1. 13. 1. 6 and Application FW <= 2. 91. 2. 66 allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera' s Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Time-of-check Time-of-use ( TOCTOU ) Race Condition v ##ule ##rab ##ility in Foscam R ##2 ##C IP camera running System FW < = 1 . 13 . 1 . 6 and App l ##ica ##tion FW < = 2 . 91 . 2 . 66 allows an authenticated remote attacker with admin is ##tra ##tor permissions to exec u ##te arbitrary remote code via a malicious firmware patch . The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions . With root access to the camera ' s Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream . [SEP]
LRP (+Pred, pos-only)
[CLS] Time-of-check Time-of-use ( TOCTOU ) Race Condition v ##ule ##rab ##ility in Foscam R ##2 ##C IP camera running System FW < = 1 . 13 . 1 . 6 and App l ##ica ##tion FW < = 2 . 91 . 2 . 66 allows an authenticated remote attacker with admin is ##tra ##tor permissions to exec u ##te arbitrary remote code via a malicious firmware patch . The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions . With root access to the camera ' s Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream . [SEP]
LIME (words)
Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6 and Application FW <= 2.91.2.66 allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream.
SHAP (words)
Time- of- check Time- of- use ( TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1. 13. 1. 6 and Application FW <= 2. 91. 2. 66 allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera' s Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Time-of-check Time-of-use ( TOCTOU ) Race Condition v ##ule ##rab ##ility in Foscam R ##2 ##C IP camera running System FW < = 1 . 13 . 1 . 6 and App l ##ica ##tion FW < = 2 . 91 . 2 . 66 allows an authenticated remote attacker with admin is ##tra ##tor permissions to exec u ##te arbitrary remote code via a malicious firmware patch . The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions . With root access to the camera ' s Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream . [SEP]
LRP (+Pred, pos-only)
[CLS] Time-of-check Time-of-use ( TOCTOU ) Race Condition v ##ule ##rab ##ility in Foscam R ##2 ##C IP camera running System FW < = 1 . 13 . 1 . 6 and App l ##ica ##tion FW < = 2 . 91 . 2 . 66 allows an authenticated remote attacker with admin is ##tra ##tor permissions to exec u ##te arbitrary remote code via a malicious firmware patch . The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions . With root access to the camera ' s Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream . [SEP]
LIME (words)
Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6 and Application FW <= 2.91.2.66 allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream.
SHAP (words)
Time- of- check Time- of- use ( TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1. 13. 1. 6 and Application FW <= 2. 91. 2. 66 allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera' s Linux OS an attacker could effectively change the code that is running add backdoor access or invade the privacy of the user by accessing the live camera stream
#51 · cve_id CVE-2021-29334 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁J I Z H I CMS ▁1 . 9 . 4 . ▁There ▁is ▁a CSRF ▁vulnerability ▁that ▁can ▁add ▁an admin ▁account ▁via ▁index / admin . php / Admin / admin ▁add . html <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index /admin.php/Admin/adminadd.html
SHAP (words)
An issue was discovered in JIZHI CMS 1. 9. 4. There is a CSRF vulnerability that can add an admin account via index / admin. php/ Admin/ adminadd. html
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in J ##I ##Z ##H ##I CMS 1 . 9 . 4 . There is a CSRF vulnerability that can add an admin account via index / admin . php / Admin / admin add . html [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in J ##I ##Z ##H ##I CMS 1 . 9 . 4 . There is a CSRF vulnerability that can add an admin account via index / admin . php / Admin / admin add . html [SEP]
LIME (words)
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index /admin.php/Admin/adminadd.html
SHAP (words)
An issue was discovered in JIZHI CMS 1. 9. 4. There is a CSRF vulnerability that can add an admin account via index / admin. php/ Admin/ adminadd. html
lrp-distilbert · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in J ##I ##Z ##H ##I CMS 1 . 9 . 4 . There is a CSRF vulnerability that can add an admin account via index / admin . php / Admin / admin add . html [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in J ##I ##Z ##H ##I CMS 1 . 9 . 4 . There is a CSRF vulnerability that can add an admin account via index / admin . php / Admin / admin add . html [SEP]
LIME (words)
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index /admin.php/Admin/adminadd.html
SHAP (words)
An issue was discovered in JIZHI CMS 1. 9. 4. There is a CSRF vulnerability that can add an admin account via index / admin. php/ Admin/ adminadd. html
#52 · cve_id CVE-2020-14979 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁Win R ing 0 . sys ▁and ▁Win R ing 0 x 64 . sys ▁drivers ▁1 . 2 . 0 ▁in ▁E VGA Precision ▁X 1 ▁through ▁1 . 0 . 6 ▁allow ▁local ▁users ▁including ▁low ▁integrity ▁processes ▁to ▁read ▁and ▁write ▁to ▁arbitrary ▁memory ▁locations . ▁This ▁allows ▁any ▁user ▁to ▁gain ▁NT ▁A UT HOR ITY \ SYSTEM ▁privileges ▁by ▁mapping \ Device \ Ph y s ical Me m ory ▁into ▁the ▁calling ▁process . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users including low integrity processes to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process.
SHAP (words)
The WinRing0. sys and WinRing0x64. sys drivers 1. 2. 0 in EVGA Precision X1 through 1. 0. 6 allow local users including low integrity processes to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\ SYSTEM privileges by mapping \ Device\ PhysicalMemory into the calling process
lrp-bert · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Win ##R ##ing ##0 . s ##ys and Win ##R ##ing ##0 ##x ##64 . s ##ys drivers 1 . 2 . 0 in E VGA Precision X ##1 through 1 . 0 . 6 allow local users including low int e ##g ##rity processes to read and w ##r ite to arbitrary memory locations . This allows any user to gain NT AU ##TH ##OR ##IT ##Y \ SYSTEM privileges by map ping \ Device \ Physical ##M ##em ##ory int o the calling process . [SEP]
LRP (+Pred, pos-only)
[CLS] The Win ##R ##ing ##0 . s ##ys and Win ##R ##ing ##0 ##x ##64 . s ##ys drivers 1 . 2 . 0 in E VGA Precision X ##1 through 1 . 0 . 6 allow local users including low int e ##g ##rity processes to read and w ##r ite to arbitrary memory locations . This allows any user to gain NT AU ##TH ##OR ##IT ##Y \ SYSTEM privileges by map ping \ Device \ Physical ##M ##em ##ory int o the calling process . [SEP]
LIME (words)
The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users including low integrity processes to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process.
SHAP (words)
The WinRing0. sys and WinRing0x64. sys drivers 1. 2. 0 in EVGA Precision X1 through 1. 0. 6 allow local users including low integrity processes to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\ SYSTEM privileges by mapping \ Device\ PhysicalMemory into the calling process
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Win ##R ##ing ##0 . s ##ys and Win ##R ##ing ##0 ##x ##64 . s ##ys drivers 1 . 2 . 0 in E VGA Precision X ##1 through 1 . 0 . 6 allow local users including low int e ##g ##rity processes to read and w ##r ite to arbitrary memory locations . This allows any user to gain NT AU ##TH ##OR ##IT ##Y \ SYSTEM privileges by map ping \ Device \ Physical ##M ##em ##ory int o the calling process . [SEP]
LRP (+Pred, pos-only)
[CLS] The Win ##R ##ing ##0 . s ##ys and Win ##R ##ing ##0 ##x ##64 . s ##ys drivers 1 . 2 . 0 in E VGA Precision X ##1 through 1 . 0 . 6 allow local users including low int e ##g ##rity processes to read and w ##r ite to arbitrary memory locations . This allows any user to gain NT AU ##TH ##OR ##IT ##Y \ SYSTEM privileges by map ping \ Device \ Physical ##M ##em ##ory int o the calling process . [SEP]
LIME (words)
The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users including low integrity processes to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process.
SHAP (words)
The WinRing0. sys and WinRing0x64. sys drivers 1. 2. 0 in EVGA Precision X1 through 1. 0. 6 allow local users including low integrity processes to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\ SYSTEM privileges by mapping \ Device\ PhysicalMemory into the calling process
#53 · cve_id CVE-2021-22708 · pr
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁C WE - 3 47 : Improper Verification ▁of Cryptographic Signature ▁vulnerability ▁exists ▁in EV link ▁City ( EV C 1 S 22 P 4 / ▁E VC 1 S 7 P 4 ▁all ▁versions ▁prior ▁to ▁R 8 ▁V 3 . 4 . 0 . 1 ) EV link ▁Park ing ( EV W 2 / ▁E VF 2 / EV . 2 ▁all ▁versions ▁prior ▁to ▁R 8 ▁V 3 . 4 . 0 . 1 ) ▁and EV link ▁Smart ▁Wall box ( EV B 1 A ▁all ▁versions ▁prior ▁to ▁R 8 ▁V 3 . 4 . 0 . 1 ) ▁that ▁could ▁allow ▁an ▁attacker ▁to ▁craft ▁a malicious firmware ▁package ▁and ▁bypass ▁the ▁signature verification ▁mechanism . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1) EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1) and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism.
SHAP (words)
A CWE- 347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City ( EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3. 4. 0. 1) EVlink Parking ( EVW2 / EVF2 / EV. 2 all versions prior to R8 V3. 4. 0. 1) and EVlink Smart Wallbox ( EVB1A all versions prior to R8 V3. 4. 0. 1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism
lrp-bert · Pred=NONE (0) · p=0.97 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A CW ##E - 34 ##7 : Improper Verification of Cryptographic Signature vulnerability exists in E ##V ##link City ( E ##VC ##1 ##S ##22 ##P ##4 / E ##VC ##1 ##S ##7 ##P ##4 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) E ##V ##link Park ##ing ( E ##V ##W ##2 / E ##V ##F ##2 / E ##V . 2 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) and E ##V ##link Smart Wall ##box ( E ##VB ##1 ##A all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism . [SEP]
LRP (+Pred, pos-only)
[CLS] A CW ##E - 34 ##7 : Improper Verification of Cryptographic Signature vulnerability exists in E ##V ##link City ( E ##VC ##1 ##S ##22 ##P ##4 / E ##VC ##1 ##S ##7 ##P ##4 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) E ##V ##link Park ##ing ( E ##V ##W ##2 / E ##V ##F ##2 / E ##V . 2 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) and E ##V ##link Smart Wall ##box ( E ##VB ##1 ##A all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism . [SEP]
LIME (words)
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1) EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1) and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism.
SHAP (words)
A CWE- 347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City ( EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3. 4. 0. 1) EVlink Parking ( EVW2 / EVF2 / EV. 2 all versions prior to R8 V3. 4. 0. 1) and EVlink Smart Wallbox ( EVB1A all versions prior to R8 V3. 4. 0. 1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism
lrp-distilbert · Pred=NONE (0) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A CW ##E - 34 ##7 : Improper Verification of Cryptographic Signature vulnerability exists in E ##V ##link City ( E ##VC ##1 ##S ##22 ##P ##4 / E ##VC ##1 ##S ##7 ##P ##4 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) E ##V ##link Park ##ing ( E ##V ##W ##2 / E ##V ##F ##2 / E ##V . 2 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) and E ##V ##link Smart Wall ##box ( E ##VB ##1 ##A all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism . [SEP]
LRP (+Pred, pos-only)
[CLS] A CW ##E - 34 ##7 : Improper Verification of Cryptographic Signature vulnerability exists in E ##V ##link City ( E ##VC ##1 ##S ##22 ##P ##4 / E ##VC ##1 ##S ##7 ##P ##4 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) E ##V ##link Park ##ing ( E ##V ##W ##2 / E ##V ##F ##2 / E ##V . 2 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) and E ##V ##link Smart Wall ##box ( E ##VB ##1 ##A all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism . [SEP]
LIME (words)
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1) EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1) and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism.
SHAP (words)
A CWE- 347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City ( EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3. 4. 0. 1) EVlink Parking ( EVW2 / EVF2 / EV. 2 all versions prior to R8 V3. 4. 0. 1) and EVlink Smart Wallbox ( EVB1A all versions prior to R8 V3. 4. 0. 1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism
#54 · cve_id CVE-2022-41734 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁IBM Maximo Asset Manage ment ▁7 . 6 . 1 . 2 ▁and ▁7 . 6 . 1 . 3 ▁could ▁allow ▁a ▁remote ▁attacker ▁to ▁obtain ▁sensitive ▁in for matio n ▁when ▁a ▁detailed ▁technical err ▁or ▁message ▁is ▁returned ▁in ▁the browse r . ▁This ▁in for matio n ▁could ▁be ▁used ▁in ▁further ▁attacks ▁against ▁the ▁system . ▁IBM X-Force ▁ID : ▁23 75 87 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.
SHAP (words)
IBM Maximo Asset Management 7. 6. 1. 2 and 7. 6. 1. 3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X- Force ID: 237587
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I BM Maximo Asset Manage men ##t 7 . 6 . 1 . 2 and 7 . 6 . 1 . 3 could allow a remote attacker to obtain sensitive info ##r matio n when a detailed technical err or message is returned in the browse r . This info ##r matio n could be used in further attacks against the system . I BM X-Force ID : 237 ##5 ##8 ##7 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM Maximo Asset Manage men ##t 7 . 6 . 1 . 2 and 7 . 6 . 1 . 3 could allow a remote attacker to obtain sensitive info ##r matio n when a detailed technical err or message is returned in the browse r . This info ##r matio n could be used in further attacks against the system . I BM X-Force ID : 237 ##5 ##8 ##7 . [SEP]
LIME (words)
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.
SHAP (words)
IBM Maximo Asset Management 7. 6. 1. 2 and 7. 6. 1. 3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X- Force ID: 237587
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I BM Maximo Asset Manage men ##t 7 . 6 . 1 . 2 and 7 . 6 . 1 . 3 could allow a remote attacker to obtain sensitive info ##r matio n when a detailed technical err or message is returned in the browse r . This info ##r matio n could be used in further attacks against the system . I BM X-Force ID : 237 ##5 ##8 ##7 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM Maximo Asset Manage men ##t 7 . 6 . 1 . 2 and 7 . 6 . 1 . 3 could allow a remote attacker to obtain sensitive info ##r matio n when a detailed technical err or message is returned in the browse r . This info ##r matio n could be used in further attacks against the system . I BM X-Force ID : 237 ##5 ##8 ##7 . [SEP]
LIME (words)
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.
SHAP (words)
IBM Maximo Asset Management 7. 6. 1. 2 and 7. 6. 1. 3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X- Force ID: 237587
#55 · cve_id CVE-2020-15793 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁identified ▁in Desigo Insight ( All ▁versions ) . ▁The ▁device ▁does ▁not ▁properly ▁set ▁the X-Frame-Options HTTP Header ▁which ▁makes ▁it ▁vulnerable ▁to Clickjacking ▁attacks . ▁This ▁could ▁allow ▁an unauthenticated ▁attacker ▁to ▁retrieve ▁or ▁modify ▁data ▁in ▁the ▁context ▁of ▁a ▁legitimate ▁user ▁by tricking ▁that ▁user ▁to ▁click ▁on ▁a ▁website ▁controlled ▁by ▁the ▁attacker . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.
SHAP (words)
A vulnerability has been identified in Desigo Insight ( All versions). The device does not properly set the X- Frame- Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Desigo Insight ( All versions ) . The dev ice does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks . This could allow an unauthenticated attacker to retrieve or mod if ##y data in the context of a le git im ##ate user by tricking that user to cli c ##k on a web ##s ite controlled by the attacker . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Desigo Insight ( All versions ) . The dev ice does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks . This could allow an unauthenticated attacker to retrieve or mod if ##y data in the context of a le git im ##ate user by tricking that user to cli c ##k on a web ##s ite controlled by the attacker . [SEP]
LIME (words)
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.
SHAP (words)
A vulnerability has been identified in Desigo Insight ( All versions). The device does not properly set the X- Frame- Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Desigo Insight ( All versions ) . The dev ice does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks . This could allow an unauthenticated attacker to retrieve or mod if ##y data in the context of a le git im ##ate user by tricking that user to cli c ##k on a web ##s ite controlled by the attacker . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Desigo Insight ( All versions ) . The dev ice does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks . This could allow an unauthenticated attacker to retrieve or mod if ##y data in the context of a le git im ##ate user by tricking that user to cli c ##k on a web ##s ite controlled by the attacker . [SEP]
LIME (words)
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.
SHAP (words)
A vulnerability has been identified in Desigo Insight ( All versions). The device does not properly set the X- Frame- Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker
#56 · cve_id CVE-2022-48443 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁tele phon y ▁service ▁there ▁is ▁a ▁po ssi ble ▁mi ssi ng ▁per mi ssi ▁on ▁check . ▁This ▁could ▁lead ▁to ▁local ▁denial ▁of ▁service ▁with ▁no ▁additional ▁execution ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In telephony service there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
SHAP (words)
In telephony service there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In te ##le ##phony service there is a p ##o ssi b ##le mi ssi ng per ##mi ssi on check . This could lead to local denial of service with no additional exec u ##tion privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] In te ##le ##phony service there is a p ##o ssi b ##le mi ssi ng per ##mi ssi on check . This could lead to local denial of service with no additional exec u ##tion privileges . [SEP]
LIME (words)
In telephony service there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
SHAP (words)
In telephony service there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In te ##le ##phony service there is a p ##o ssi b ##le mi ssi ng per ##mi ssi on check . This could lead to local denial of service with no additional exec u ##tion privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] In te ##le ##phony service there is a p ##o ssi b ##le mi ssi ng per ##mi ssi on check . This could lead to local denial of service with no additional exec u ##tion privileges . [SEP]
LIME (words)
In telephony service there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
SHAP (words)
In telephony service there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges
#57 · cve_id CVE-2021-41298 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
ECO A BAS ▁controller ▁is ▁vulnerable ▁to insecure ▁direct ▁object ▁references ▁that ▁occur ▁when ▁the ▁application ▁provides ▁direct ▁access ▁to ▁objects ▁based ▁on user-supplied ▁input . ▁As ▁a ▁result ▁of ▁this ▁vulnerability ▁attackers ▁with ▁general ▁user ' s ▁privilege ▁can ▁remotely ▁bypass auth ▁or ization ▁and ▁access ▁the ▁hidden ▁resources ▁in ▁the ▁system ▁and ▁execute ▁privileged functionalities . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities.
SHAP (words)
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user- supplied input. As a result of this vulnerability attackers with general user' s privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities
lrp-bert · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] EC OA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input . As a result of this vulnerability attackers with general user ' s privilege can remotely bypass auth or ##ization and access the hidden resources in the system and exec u ##te privileged functionalities . [SEP]
LRP (+Pred, pos-only)
[CLS] EC OA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input . As a result of this vulnerability attackers with general user ' s privilege can remotely bypass auth or ##ization and access the hidden resources in the system and exec u ##te privileged functionalities . [SEP]
LIME (words)
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities.
SHAP (words)
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user- supplied input. As a result of this vulnerability attackers with general user' s privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] EC OA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input . As a result of this vulnerability attackers with general user ' s privilege can remotely bypass auth or ##ization and access the hidden resources in the system and exec u ##te privileged functionalities . [SEP]
LRP (+Pred, pos-only)
[CLS] EC OA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input . As a result of this vulnerability attackers with general user ' s privilege can remotely bypass auth or ##ization and access the hidden resources in the system and exec u ##te privileged functionalities . [SEP]
LIME (words)
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities.
SHAP (words)
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user- supplied input. As a result of this vulnerability attackers with general user' s privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities
#58 · cve_id CVE-2022-31061 · pr
GT=NONE (0)
xlnet · Pred=LOW (1) · p=0.96 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
GLPI ▁is ▁a ▁Free Asset ▁and ▁IT Manage ment ▁Software ▁package ▁Data ▁center ▁man a gem ent ITIL ▁Service Desk ▁licenses ▁tracking ▁and ▁software ▁audit ing . ▁In ▁affected ▁versions ▁there ▁is ▁a SQL inject ion ▁vulnerability ▁which ▁is ▁po ssi ble ▁on login ▁page . ▁No ▁user credential s ▁are ▁required ▁to ▁exploit ▁this ▁vulnerability . User s ▁are ▁advised ▁to ▁upgrade ▁as ▁soon ▁as ▁po ssi ble . ▁There ▁are ▁no ▁known workarounds ▁for ▁this ▁issue . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
GLPI is a Free Asset and IT Management Software package Data center management ITIL Service Desk licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
SHAP (words)
GLPI is a Free Asset and IT Management Software package Data center management ITIL Service Desk licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue
lrp-bert · Pred=NONE (0) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] GLPI is a Free Asset and IT Manage men ##t Software package Data center man ##a gem en ##t ITIL Service Desk licenses tracking and software audit ##ing . In affected versions there is a SQL inject ion vulnerability which is p ##o ssi b ##le on login page . No user credential s are required to exploit this vulnerability . User s are advised to upgrade as soon as p ##o ssi b ##le . There are no known workarounds for this issue . [SEP]
LRP (+Pred, pos-only)
[CLS] GLPI is a Free Asset and IT Manage men ##t Software package Data center man ##a gem en ##t ITIL Service Desk licenses tracking and software audit ##ing . In affected versions there is a SQL inject ion vulnerability which is p ##o ssi b ##le on login page . No user credential s are required to exploit this vulnerability . User s are advised to upgrade as soon as p ##o ssi b ##le . There are no known workarounds for this issue . [SEP]
LIME (words)
GLPI is a Free Asset and IT Management Software package Data center management ITIL Service Desk licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
SHAP (words)
GLPI is a Free Asset and IT Management Software package Data center management ITIL Service Desk licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue
lrp-distilbert · Pred=LOW (1) · p=0.62 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] GLPI is a Free Asset and IT Manage men ##t Software package Data center man ##a gem en ##t ITIL Service Desk licenses tracking and software audit ##ing . In affected versions there is a SQL inject ion vulnerability which is p ##o ssi b ##le on login page . No user credential s are required to exploit this vulnerability . User s are advised to upgrade as soon as p ##o ssi b ##le . There are no known workarounds for this issue . [SEP]
LRP (+Pred, pos-only)
[CLS] GLPI is a Free Asset and IT Manage men ##t Software package Data center man ##a gem en ##t ITIL Service Desk licenses tracking and software audit ##ing . In affected versions there is a SQL inject ion vulnerability which is p ##o ssi b ##le on login page . No user credential s are required to exploit this vulnerability . User s are advised to upgrade as soon as p ##o ssi b ##le . There are no known workarounds for this issue . [SEP]
LIME (words)
GLPI is a Free Asset and IT Management Software package Data center management ITIL Service Desk licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
SHAP (words)
GLPI is a Free Asset and IT Management Software package Data center management ITIL Service Desk licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue
#59 · cve_id CVE-2021-3839 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.92 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A flaw ▁was ▁found ▁in ▁the vhost ▁library ▁in DPDK . Function vhost ▁_ user _ set _ in flight _ f d ( ) ▁does ▁not validate ▁` msg - > pay load . in flight . num _ queue s ` ▁po ssi b ly ▁causing out-of-bounds ▁memory ▁read / write . ▁Any ▁software ▁using DPDK vhost ▁library ▁may ▁crash ▁as ▁a ▁result ▁of ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues` possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
SHAP (words)
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate ` msg-> payload. inflight. num_queues` possibly causing out- of- bounds memory read/ write. Any software using DPDK vhost library may crash as a result of this vulnerability
lrp-bert · Pred=LOW (1) · p=0.71 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A flaw was found in the vhost library in DPDK . Function vhost _ user _ set _ in ##f ##light _ f ##d ( ) does not validate ` msg - > payload . in ##f ##light . n ##um _ queue s ` p ##o ssi b ##ly causing out-of-bounds memory read / w ##r ite . Any software using DPDK vhost library may crash as a result of this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A flaw was found in the vhost library in DPDK . Function vhost _ user _ set _ in ##f ##light _ f ##d ( ) does not validate ` msg - > payload . in ##f ##light . n ##um _ queue s ` p ##o ssi b ##ly causing out-of-bounds memory read / w ##r ite . Any software using DPDK vhost library may crash as a result of this vulnerability . [SEP]
LIME (words)
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues` possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
SHAP (words)
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate ` msg-> payload. inflight. num_queues` possibly causing out- of- bounds memory read/ write. Any software using DPDK vhost library may crash as a result of this vulnerability
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A flaw was found in the vhost library in DPDK . Function vhost _ user _ set _ in ##f ##light _ f ##d ( ) does not validate ` msg - > payload . in ##f ##light . n ##um _ queue s ` p ##o ssi b ##ly causing out-of-bounds memory read / w ##r ite . Any software using DPDK vhost library may crash as a result of this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A flaw was found in the vhost library in DPDK . Function vhost _ user _ set _ in ##f ##light _ f ##d ( ) does not validate ` msg - > payload . in ##f ##light . n ##um _ queue s ` p ##o ssi b ##ly causing out-of-bounds memory read / w ##r ite . Any software using DPDK vhost library may crash as a result of this vulnerability . [SEP]
LIME (words)
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues` possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
SHAP (words)
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate ` msg-> payload. inflight. num_queues` possibly causing out- of- bounds memory read/ write. Any software using DPDK vhost library may crash as a result of this vulnerability
#60 · cve_id CVE-2019-20880 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁in Mattermost ▁Server ▁before ▁5 . 8 . 0 ▁5 . 7 . 2 ▁5 . 6 . 5 ▁and ▁4 . 10 . 7 . ▁It ▁allows ▁attackers ▁to ▁cause ▁a ▁denial ▁of ▁service ( me m ory ▁consumption ) ▁via ▁Open Graph . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered in Mattermost Server before 5.8.0 5.7.2 5.6.5 and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
SHAP (words)
An issue was discovered in Mattermost Server before 5. 8. 0 5. 7. 2 5. 6. 5 and 4. 10. 7. It allows attackers to cause a denial of service ( memory consumption) via OpenGraph
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in Mattermost Server before 5 . 8 . 0 5 . 7 . 2 5 . 6 . 5 and 4 . 10 . 7 . It allows attackers to cause a denial of service ( memory consumption ) via Open Graph . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in Mattermost Server before 5 . 8 . 0 5 . 7 . 2 5 . 6 . 5 and 4 . 10 . 7 . It allows attackers to cause a denial of service ( memory consumption ) via Open Graph . [SEP]
LIME (words)
An issue was discovered in Mattermost Server before 5.8.0 5.7.2 5.6.5 and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
SHAP (words)
An issue was discovered in Mattermost Server before 5. 8. 0 5. 7. 2 5. 6. 5 and 4. 10. 7. It allows attackers to cause a denial of service ( memory consumption) via OpenGraph
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in Mattermost Server before 5 . 8 . 0 5 . 7 . 2 5 . 6 . 5 and 4 . 10 . 7 . It allows attackers to cause a denial of service ( memory consumption ) via Open Graph . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in Mattermost Server before 5 . 8 . 0 5 . 7 . 2 5 . 6 . 5 and 4 . 10 . 7 . It allows attackers to cause a denial of service ( memory consumption ) via Open Graph . [SEP]
LIME (words)
An issue was discovered in Mattermost Server before 5.8.0 5.7.2 5.6.5 and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
SHAP (words)
An issue was discovered in Mattermost Server before 5. 8. 0 5. 7. 2 5. 6. 5 and 4. 10. 7. It allows attackers to cause a denial of service ( memory consumption) via OpenGraph
#61 · cve_id CVE-2023-44094 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Type ▁confusion ▁vulnerability ▁in ▁the ▁distributed ▁file ▁module . Successful ▁exploitation ▁of ▁this ▁vulnerability ▁may ▁cause ▁the ▁device ▁to ▁restart . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
SHAP (words)
Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Type confusion vulnerability in the distributed file mod ul ##e . Successful exploitation of this vulnerability may cause the dev ice to re ##s tar t . [SEP]
LRP (+Pred, pos-only)
[CLS] Type confusion vulnerability in the distributed file mod ul ##e . Successful exploitation of this vulnerability may cause the dev ice to re ##s tar t . [SEP]
LIME (words)
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
SHAP (words)
Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Type confusion vulnerability in the distributed file mod ul ##e . Successful exploitation of this vulnerability may cause the dev ice to re ##s tar t . [SEP]
LRP (+Pred, pos-only)
[CLS] Type confusion vulnerability in the distributed file mod ul ##e . Successful exploitation of this vulnerability may cause the dev ice to re ##s tar t . [SEP]
LIME (words)
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
SHAP (words)
Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart
#62 · cve_id CVE-2015-8972 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Stack-based ▁buffer overflow ▁in ▁the Validate ▁Mo ve ▁function ▁in frontend / move . cc ▁in GNU ▁Chess ( aka g nu ches s ) ▁before ▁6 . 2 . 4 ▁might ▁allow context-dependent ▁attackers ▁to ▁execute ▁arbitrary ▁code ▁via ▁a ▁large ▁input ▁as ▁demonstrated ▁when ▁in ▁UCI ▁mode . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input as demonstrated when in UCI mode.
SHAP (words)
Stack- based buffer overflow in the ValidateMove function in frontend/ move. cc in GNU Chess ( aka gnuchess) before 6. 2. 4 might allow context- dependent attackers to execute arbitrary code via a large input as demonstrated when in UCI mode
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Stack-based buffer overflow in the Validate Move function in frontend / move . cc in GNU Chess ( aka g ##nu ##chess ) before 6 . 2 . 4 might allow context-dependent attackers to exec u ##te arbitrary code via a large input as demonstrated when in U CI mod e . [SEP]
LRP (+Pred, pos-only)
[CLS] Stack-based buffer overflow in the Validate Move function in frontend / move . cc in GNU Chess ( aka g ##nu ##chess ) before 6 . 2 . 4 might allow context-dependent attackers to exec u ##te arbitrary code via a large input as demonstrated when in U CI mod e . [SEP]
LIME (words)
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input as demonstrated when in UCI mode.
SHAP (words)
Stack- based buffer overflow in the ValidateMove function in frontend/ move. cc in GNU Chess ( aka gnuchess) before 6. 2. 4 might allow context- dependent attackers to execute arbitrary code via a large input as demonstrated when in UCI mode
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Stack-based buffer overflow in the Validate Move function in frontend / move . cc in GNU Chess ( aka g ##nu ##chess ) before 6 . 2 . 4 might allow context-dependent attackers to exec u ##te arbitrary code via a large input as demonstrated when in U CI mod e . [SEP]
LRP (+Pred, pos-only)
[CLS] Stack-based buffer overflow in the Validate Move function in frontend / move . cc in GNU Chess ( aka g ##nu ##chess ) before 6 . 2 . 4 might allow context-dependent attackers to exec u ##te arbitrary code via a large input as demonstrated when in U CI mod e . [SEP]
LIME (words)
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input as demonstrated when in UCI mode.
SHAP (words)
Stack- based buffer overflow in the ValidateMove function in frontend/ move. cc in GNU Chess ( aka gnuchess) before 6. 2. 4 might allow context- dependent attackers to execute arbitrary code via a large input as demonstrated when in UCI mode
#63 · cve_id CVE-2022-40958 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁By injecting ▁a ▁cookie ▁with ▁certain spec ial ▁characters ▁an ▁attacker ▁on ▁a ▁shared subdomain ▁which ▁is ▁not ▁a ▁secure ▁context ▁could ▁set ▁and ▁thus overwrite ▁cookies ▁from ▁a ▁secure ▁context ▁leading ▁to se ssi ▁on fixation ▁and ▁other ▁attacks . ▁This ▁vulnerability ▁affects Firefox ESR ▁< ▁102 . 3 Thunderbird ▁< ▁102 . 3 ▁and Firefox ▁< ▁105 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
By injecting a cookie with certain special characters an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3 Thunderbird < 102.3 and Firefox < 105.
SHAP (words)
By injecting a cookie with certain special characters an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102. 3 Thunderbird < 102. 3 and Firefox < 105
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] By injecting a cookie with certain spec i ##al char act ##ers an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to se ssi on fixation and other attacks . This vulnerability affects Firefox ESR < 102 . 3 Thunderbird < 102 . 3 and Firefox < 105 . [SEP]
LRP (+Pred, pos-only)
[CLS] By injecting a cookie with certain spec i ##al char act ##ers an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to se ssi on fixation and other attacks . This vulnerability affects Firefox ESR < 102 . 3 Thunderbird < 102 . 3 and Firefox < 105 . [SEP]
LIME (words)
By injecting a cookie with certain special characters an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3 Thunderbird < 102.3 and Firefox < 105.
SHAP (words)
By injecting a cookie with certain special characters an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102. 3 Thunderbird < 102. 3 and Firefox < 105
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] By injecting a cookie with certain spec i ##al char act ##ers an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to se ssi on fixation and other attacks . This vulnerability affects Firefox ESR < 102 . 3 Thunderbird < 102 . 3 and Firefox < 105 . [SEP]
LRP (+Pred, pos-only)
[CLS] By injecting a cookie with certain spec i ##al char act ##ers an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to se ssi on fixation and other attacks . This vulnerability affects Firefox ESR < 102 . 3 Thunderbird < 102 . 3 and Firefox < 105 . [SEP]
LIME (words)
By injecting a cookie with certain special characters an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3 Thunderbird < 102.3 and Firefox < 105.
SHAP (words)
By injecting a cookie with certain special characters an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102. 3 Thunderbird < 102. 3 and Firefox < 105
#64 · cve_id CVE-2022-35206 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Null pointer dereference ▁vulnerability ▁in Binutils ▁read elf ▁2 . 38 . 50 ▁via ▁function ▁read _ and _ dis play _ att r _ value ▁in ▁file ▁dwarf . c . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
SHAP (words)
Null pointer dereference vulnerability in Binutils readelf 2. 38. 50 via function read_and_display_attr_value in file dwarf. c
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Null pointer dereference vulnerability in Binutils read elf 2 . 38 . 50 via function read _ and _ display _ at ##tr _ value in file dwarf . c . [SEP]
LRP (+Pred, pos-only)
[CLS] Null pointer dereference vulnerability in Binutils read elf 2 . 38 . 50 via function read _ and _ display _ at ##tr _ value in file dwarf . c . [SEP]
LIME (words)
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
SHAP (words)
Null pointer dereference vulnerability in Binutils readelf 2. 38. 50 via function read_and_display_attr_value in file dwarf. c
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Null pointer dereference vulnerability in Binutils read elf 2 . 38 . 50 via function read _ and _ display _ at ##tr _ value in file dwarf . c . [SEP]
LRP (+Pred, pos-only)
[CLS] Null pointer dereference vulnerability in Binutils read elf 2 . 38 . 50 via function read _ and _ display _ at ##tr _ value in file dwarf . c . [SEP]
LIME (words)
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
SHAP (words)
Null pointer dereference vulnerability in Binutils readelf 2. 38. 50 via function read_and_display_attr_value in file dwarf. c
#65 · cve_id CVE-2019-5506 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Clustered ▁Data ONTAP ▁versions ▁9 . 0 ▁and ▁higher ▁do ▁not ▁enforce hostname verification ▁under ▁certain ▁circumstances ▁making ▁them su sc ep t ible ▁to impersonation ▁via man-in-the-middle ▁attacks . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.
SHAP (words)
Clustered Data ONTAP versions 9. 0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man- in- the- middle attacks
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Clustered Data ONTAP versions 9 . 0 and higher do not enforce hostname verification under certain circumstances making them su sc e ##pt ##ible to impersonation via man-in-the-middle attacks . [SEP]
LRP (+Pred, pos-only)
[CLS] Clustered Data ONTAP versions 9 . 0 and higher do not enforce hostname verification under certain circumstances making them su sc e ##pt ##ible to impersonation via man-in-the-middle attacks . [SEP]
LIME (words)
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.
SHAP (words)
Clustered Data ONTAP versions 9. 0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man- in- the- middle attacks
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Clustered Data ONTAP versions 9 . 0 and higher do not enforce hostname verification under certain circumstances making them su sc e ##pt ##ible to impersonation via man-in-the-middle attacks . [SEP]
LRP (+Pred, pos-only)
[CLS] Clustered Data ONTAP versions 9 . 0 and higher do not enforce hostname verification under certain circumstances making them su sc e ##pt ##ible to impersonation via man-in-the-middle attacks . [SEP]
LIME (words)
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.
SHAP (words)
Clustered Data ONTAP versions 9. 0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man- in- the- middle attacks
#66 · cve_id CVE-2022-20751 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁in ▁the Snort ▁detection ▁engine ▁integration ▁for Cisco Firepower Threat ▁Defense ( FTD ) ▁Software ▁could ▁allow ▁an unauthenticated ▁remote ▁attacker ▁to ▁cause ▁unlimited ▁memory ▁consumption ▁which ▁could ▁lead ▁to ▁a ▁denial ▁of ▁service ( DoS ) ▁condition ▁on ▁an ▁affected ▁device . ▁This ▁vulnerability ▁is ▁due ▁to ▁insufficient ▁memory ▁man a gem ent ▁for ▁certain Snort ▁events . ▁An ▁attacker ▁could ▁exploit ▁this ▁vulnerability ▁by ▁sending ▁a ▁series ▁of ▁crafted ▁IP ▁packet s ▁that ▁would ▁generate spec ific Snort ▁events ▁on ▁an ▁affected ▁device . ▁A ▁sustained ▁attack ▁could ▁cause ▁an ▁out ▁of ▁memory ▁condition ▁on ▁the ▁affected ▁device . ▁A ▁successful ▁exploit ▁could ▁allow ▁the ▁attacker ▁to ▁in t err ▁up t ▁all ▁traffic ▁flowing ▁through ▁the ▁affected ▁device . ▁In ▁some ▁circumstances ▁the ▁attacker ▁may ▁be ▁able ▁to ▁cause ▁the ▁device ▁to reload ▁resulting ▁in ▁a DoS ▁condition . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated remote attacker to cause unlimited memory consumption which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances the attacker may be able to cause the device to reload resulting in a DoS condition.
SHAP (words)
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense ( FTD) Software could allow an unauthenticated remote attacker to cause unlimited memory consumption which could lead to a denial of service ( DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances the attacker may be able to cause the device to reload resulting in a DoS condition
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability in the Snort detection engine int e ##gration for Cisco Firepower Threat Defense ( FTD ) Software could allow an unauthenticated remote attacker to cause un ##lim ite d memory consumption which could lead to a denial of service ( DoS ) condition on an affected dev ice . This vulnerability is due to insufficient memory man ##a gem en ##t for certain Snort events . An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate spec if ##ic Snort events on an affected dev ice . A sustained attack could cause an out of memory condition on the affected dev ice . A successful exploit could allow the attacker to int err up ##t all traffic flowing through the affected dev ice . In some circumstances the attacker may be able to cause the dev ice to reload resulting in a DoS condition . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability in the Snort detection engine int e ##gration for Cisco Firepower Threat Defense ( FTD ) Software could allow an unauthenticated remote attacker to cause un ##lim ite d memory consumption which could lead to a denial of service ( DoS ) condition on an affected dev ice . This vulnerability is due to insufficient memory man ##a gem en ##t for certain Snort events . An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate spec if ##ic Snort events on an affected dev ice . A sustained attack could cause an out of memory condition on the affected dev ice . A successful exploit could allow the attacker to int err up ##t all traffic flowing through the affected dev ice . In some circumstances the attacker may be able to cause the dev ice to reload resulting in a DoS condition . [SEP]
LIME (words)
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated remote attacker to cause unlimited memory consumption which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances the attacker may be able to cause the device to reload resulting in a DoS condition.
SHAP (words)
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense ( FTD) Software could allow an unauthenticated remote attacker to cause unlimited memory consumption which could lead to a denial of service ( DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances the attacker may be able to cause the device to reload resulting in a DoS condition
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability in the Snort detection engine int e ##gration for Cisco Firepower Threat Defense ( FTD ) Software could allow an unauthenticated remote attacker to cause un ##lim ite d memory consumption which could lead to a denial of service ( DoS ) condition on an affected dev ice . This vulnerability is due to insufficient memory man ##a gem en ##t for certain Snort events . An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate spec if ##ic Snort events on an affected dev ice . A sustained attack could cause an out of memory condition on the affected dev ice . A successful exploit could allow the attacker to int err up ##t all traffic flowing through the affected dev ice . In some circumstances the attacker may be able to cause the dev ice to reload resulting in a DoS condition . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability in the Snort detection engine int e ##gration for Cisco Firepower Threat Defense ( FTD ) Software could allow an unauthenticated remote attacker to cause un ##lim ite d memory consumption which could lead to a denial of service ( DoS ) condition on an affected dev ice . This vulnerability is due to insufficient memory man ##a gem en ##t for certain Snort events . An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate spec if ##ic Snort events on an affected dev ice . A sustained attack could cause an out of memory condition on the affected dev ice . A successful exploit could allow the attacker to int err up ##t all traffic flowing through the affected dev ice . In some circumstances the attacker may be able to cause the dev ice to reload resulting in a DoS condition . [SEP]
LIME (words)
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated remote attacker to cause unlimited memory consumption which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances the attacker may be able to cause the device to reload resulting in a DoS condition.
SHAP (words)
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense ( FTD) Software could allow an unauthenticated remote attacker to cause unlimited memory consumption which could lead to a denial of service ( DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances the attacker may be able to cause the device to reload resulting in a DoS condition
#67 · cve_id CVE-2023-25540 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Dell PowerScale OneFS ▁9 . 4 . 0 . x ▁contains ▁an ▁incorrect ▁default permissions ▁vulnerability . ▁A ▁local malicious ▁user ▁could ▁potentially ▁exploit ▁this ▁vulnerability ▁to overwrite ▁arbitrary ▁files ▁causing ▁denial ▁of ▁service . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.
SHAP (words)
Dell PowerScale OneFS 9. 4. 0. x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service
lrp-bert · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Dell PowerScale OneFS 9 . 4 . 0 . x contains an incorrect default permissions vulnerability . A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service . [SEP]
LRP (+Pred, pos-only)
[CLS] Dell PowerScale OneFS 9 . 4 . 0 . x contains an incorrect default permissions vulnerability . A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service . [SEP]
LIME (words)
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.
SHAP (words)
Dell PowerScale OneFS 9. 4. 0. x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service
lrp-distilbert · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Dell PowerScale OneFS 9 . 4 . 0 . x contains an incorrect default permissions vulnerability . A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service . [SEP]
LRP (+Pred, pos-only)
[CLS] Dell PowerScale OneFS 9 . 4 . 0 . x contains an incorrect default permissions vulnerability . A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service . [SEP]
LIME (words)
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.
SHAP (words)
Dell PowerScale OneFS 9. 4. 0. x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service
#68 · cve_id CVE-2020-9694 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Adobe Acrobat ▁and ▁Reader ▁versions ▁2020 . 00 9 . 2007 4 ▁and ▁earlier ▁2020 . 001 . 300 02 ▁2017 . 0 11 . 30 17 1 ▁and ▁earlier ▁and ▁2015 . 00 6 . 30 5 23 ▁and ▁earlier ▁have ▁an out-of-bounds ▁write ▁vulnerability . Successful ▁exploitation ▁could ▁lead ▁to ▁arbitrary ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Adobe Acrobat and Reader versions 2020.009.20074 and earlier 2020.001.30002 2017.011.30171 and earlier and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
SHAP (words)
Adobe Acrobat and Reader versions 2020. 009. 20074 and earlier 2020. 001. 30002 2017. 011. 30171 and earlier and 2015. 006. 30523 and earlier have an out- of- bounds write vulnerability. Successful exploitation could lead to arbitrary code execution
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe Acrobat and Reader versions 2020 . 00 ##9 . 2007 ##4 and earlier 2020 . 00 ##1 . 3000 ##2 2017 . 01 ##1 . 301 ##7 ##1 and earlier and 2015 . 00 ##6 . 305 ##23 and earlier have an out-of-bounds w ##r ite vulnerability . Successful exploitation could lead to arbitrary code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe Acrobat and Reader versions 2020 . 00 ##9 . 2007 ##4 and earlier 2020 . 00 ##1 . 3000 ##2 2017 . 01 ##1 . 301 ##7 ##1 and earlier and 2015 . 00 ##6 . 305 ##23 and earlier have an out-of-bounds w ##r ite vulnerability . Successful exploitation could lead to arbitrary code exec u ##tion . [SEP]
LIME (words)
Adobe Acrobat and Reader versions 2020.009.20074 and earlier 2020.001.30002 2017.011.30171 and earlier and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
SHAP (words)
Adobe Acrobat and Reader versions 2020. 009. 20074 and earlier 2020. 001. 30002 2017. 011. 30171 and earlier and 2015. 006. 30523 and earlier have an out- of- bounds write vulnerability. Successful exploitation could lead to arbitrary code execution
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe Acrobat and Reader versions 2020 . 00 ##9 . 2007 ##4 and earlier 2020 . 00 ##1 . 3000 ##2 2017 . 01 ##1 . 301 ##7 ##1 and earlier and 2015 . 00 ##6 . 305 ##23 and earlier have an out-of-bounds w ##r ite vulnerability . Successful exploitation could lead to arbitrary code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe Acrobat and Reader versions 2020 . 00 ##9 . 2007 ##4 and earlier 2020 . 00 ##1 . 3000 ##2 2017 . 01 ##1 . 301 ##7 ##1 and earlier and 2015 . 00 ##6 . 305 ##23 and earlier have an out-of-bounds w ##r ite vulnerability . Successful exploitation could lead to arbitrary code exec u ##tion . [SEP]
LIME (words)
Adobe Acrobat and Reader versions 2020.009.20074 and earlier 2020.001.30002 2017.011.30171 and earlier and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
SHAP (words)
Adobe Acrobat and Reader versions 2020. 009. 20074 and earlier 2020. 001. 30002 2017. 011. 30171 and earlier and 2015. 006. 30523 and earlier have an out- of- bounds write vulnerability. Successful exploitation could lead to arbitrary code execution
#69 · cve_id CVE-2022-4453 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁3 D ▁Flip Book WordPress plugin ▁through ▁1 . 13 . 2 ▁does ▁not validate ▁or e sc ▁a pe ▁some ▁of ▁its shortcode ▁attributes ▁before outputting ▁them ▁back ▁in ▁the ▁page ▁which ▁could ▁allow ▁users ▁with ▁a ▁role ▁as ▁low ▁as Contributor ▁to ▁perform Stored Cross-Site Scripting ▁attacks ▁against ▁high ▁privilege ▁users ▁like admin ▁is tra tors . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators.
SHAP (words)
The 3D FlipBook WordPress plugin through 1. 13. 2 does not validate or escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross- Site Scripting attacks against high privilege users like administrators
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The 3D F ##l ip Book WordPress plugin through 1 . 13 . 2 does not validate or e sc a ##pe some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like admin is ##tra ##tors . [SEP]
LRP (+Pred, pos-only)
[CLS] The 3D F ##l ip Book WordPress plugin through 1 . 13 . 2 does not validate or e sc a ##pe some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like admin is ##tra ##tors . [SEP]
LIME (words)
The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators.
SHAP (words)
The 3D FlipBook WordPress plugin through 1. 13. 2 does not validate or escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross- Site Scripting attacks against high privilege users like administrators
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The 3D F ##l ip Book WordPress plugin through 1 . 13 . 2 does not validate or e sc a ##pe some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like admin is ##tra ##tors . [SEP]
LRP (+Pred, pos-only)
[CLS] The 3D F ##l ip Book WordPress plugin through 1 . 13 . 2 does not validate or e sc a ##pe some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like admin is ##tra ##tors . [SEP]
LIME (words)
The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators.
SHAP (words)
The 3D FlipBook WordPress plugin through 1. 13. 2 does not validate or escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as Contributor to perform Stored Cross- Site Scripting attacks against high privilege users like administrators
#70 · cve_id CVE-2021-20698 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Sharp NEC Display s ( UN 46 2 A ▁R 1 . 300 ▁and ▁prior ▁to ▁it ▁UN 46 2 VA ▁R 1 . 300 ▁and ▁prior ▁to ▁it ▁UN 49 2 S ▁R 1 . 300 ▁and ▁prior ▁to ▁it ▁UN 49 2 V S ▁R 1 . 300 ▁and ▁prior ▁to ▁it ▁UN 55 2 A ▁R 1 . 300 ▁and ▁prior ▁to ▁it ▁UN 55 2 S ▁R 1 . 300 ▁and ▁prior ▁to ▁it ▁UN 55 2 V S ▁R 1 . 300 ▁and ▁prior ▁to ▁it ▁UN 55 2 ▁R 1 . 300 ▁and ▁prior ▁to ▁it ▁UN 55 2 V ▁R 1 . 300 ▁and ▁prior ▁to ▁it UX 55 2 S ▁R 1 . 300 ▁and ▁prior ▁to ▁it UX 55 2 ▁R 1 . 300 ▁and ▁prior ▁to ▁it ▁V 86 4 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁C 86 1 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁P 75 4 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁V 75 4 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁C 75 1 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁V 98 4 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁C 98 1 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁P 65 4 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁V 65 4 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁C 65 1 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁V 55 4 Q ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁P 40 4 ▁R 3 . 200 ▁and ▁prior ▁to ▁it ▁P 48 4 ▁R 3 . 200 ▁and ▁prior ▁to ▁it ▁P 55 4 ▁R 3 . 200 ▁and ▁prior ▁to ▁it ▁V 40 4 ▁R 3 . 200 ▁and ▁prior ▁to ▁it ▁V 48 4 ▁R 3 . 200 ▁and ▁prior ▁to ▁it ▁V 55 4 ▁R 3 . 200 ▁and ▁prior ▁to ▁it ▁V 40 4 - T ▁R 3 . 200 ▁and ▁prior ▁to ▁it ▁V 48 4 - T ▁R 3 . 200 ▁and ▁prior ▁to ▁it ▁V 55 4 - T ▁R 3 . 200 ▁and ▁prior ▁to ▁it ▁C 50 1 ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁C 55 1 ▁R 2 . 000 ▁and ▁prior ▁to ▁it ▁C 43 1 ▁R 2 . 000 ▁and ▁prior ▁to ▁it ) ▁allows ▁an ▁attacker ▁to ▁obtain ▁root ▁privileges ▁and ▁execute ▁remote ▁code ▁by ▁sending unintended param eter s ▁that ▁contain spec ific ▁characters ▁in ▁http ▁request . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Sharp NEC Displays (UN462A R1.300 and prior to it UN462VA R1.300 and prior to it UN492S R1.300 and prior to it UN492VS R1.300 and prior to it UN552A R1.300 and prior to it UN552S R1.300 and prior to it UN552VS R1.300 and prior to it UN552 R1.300 and prior to it UN552V R1.300 and prior to it UX552S R1.300 and prior to it UX552 R1.300 and prior to it V864Q R2.000 and prior to it C861Q R2.000 and prior to it P754Q R2.000 and prior to it V754Q R2.000 and prior to it C751Q R2.000 and prior to it V984Q R2.000 and prior to it C981Q R2.000 and prior to it P654Q R2.000 and prior to it V654Q R2.000 and prior to it C651Q R2.000 and prior to it V554Q R2.000 and prior to it P404 R3.200 and prior to it P484 R3.200 and prior to it P554 R3.200 and prior to it V404 R3.200 and prior to it V484 R3.200 and prior to it V554 R3.200 and prior to it V404-T R3.200 and prior to it V484-T R3.200 and prior to it V554-T R3.200 and prior to it C501 R2.000 and prior to it C551 R2.000 and prior to it C431 R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.
SHAP (words)
Sharp NEC Displays ( UN462A R1. 300 and prior to it UN462VA R1. 300 and prior to it UN492S R1. 300 and prior to it UN492VS R1. 300 and prior to it UN552A R1. 300 and prior to it UN552S R1. 300 and prior to it UN552VS R1. 300 and prior to it UN552 R1. 300 and prior to it UN552V R1. 300 and prior to it UX552S R1. 300 and prior to it UX552 R1. 300 and prior to it V864Q R2. 000 and prior to it C861Q R2. 000 and prior to it P754Q R2. 000 and prior to it V754Q R2. 000 and prior to it C751Q R2. 000 and prior to it V984Q R2. 000 and prior to it C981Q R2. 000 and prior to it P654Q R2. 000 and prior to it V654Q R2. 000 and prior to it C651Q R2. 000 and prior to it V554Q R2. 000 and prior to it P404 R3. 200 and prior to it P484 R3. 200 and prior to it P554 R3. 200 and prior to it V404 R3. 200 and prior to it V484 R3. 200 and prior to it V554 R3. 200 and prior to it V404- T R3. 200 and prior to it V484- T R3. 200 and prior to it V554- T R3. 200 and prior to it C501 R2. 000 and prior to it C551 R2. 000 and prior to it C431 R2. 000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request
lrp-bert · Pred=NONE (0) · p=0.50 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Sharp NEC Display s ( UN ##46 ##2 ##A R ##1 . 300 and prior to it UN ##46 ##2 ##VA R ##1 . 300 and prior to it UN ##4 ##9 ##2 ##S R ##1 . 300 and prior to it UN ##4 ##9 ##2 ##VS R ##1 . 300 and prior to it UN ##55 ##2 ##A R ##1 . 300 and prior to it UN ##55 ##2 ##S R ##1 . 300 and prior to it UN ##55 ##2 ##VS R ##1 . 300 and prior to it UN ##55 ##2 R ##1 . 300 and prior to it UN ##55 ##2 ##V R ##1 . 300 and prior to it U ##X ##55 ##2 ##S R ##1 . 300 and prior to it U ##X ##55 ##2 R ##1 . 300 and prior to it V8 ##64 ##Q R ##2 . 000 and prior to it C ##86 ##1 ##Q R ##2 . 000 and prior to it P ##75 ##4 ##Q R ##2 . 000 and prior to it V ##75 ##4 ##Q R ##2 . 000 and prior to it C ##75 ##1 ##Q R ##2 . 000 and prior to it V ##9 ##8 ##4 ##Q R ##2 . 000 and prior to it C ##9 ##8 ##1 ##Q R ##2 . 000 and prior to it P ##65 ##4 ##Q R ##2 . 000 and prior to it V ##65 ##4 ##Q R ##2 . 000 and prior to it C ##65 ##1 ##Q R ##2 . 000 and prior to it V ##55 ##4 ##Q R ##2 . 000 and prior to it P ##40 ##4 R ##3 . 200 and prior to it P ##48 ##4 R ##3 . 200 and prior to it P ##55 ##4 R ##3 . 200 and prior to it V ##40 ##4 R ##3 . 200 and prior to it V ##48 ##4 R ##3 . 200 and prior to it V ##55 ##4 R ##3 . 200 and prior to it V ##40 ##4 - T R ##3 . 200 and prior to it V ##48 ##4 - T R ##3 . 200 and prior to it V ##55 ##4 - T R ##3 . 200 and prior to it C ##50 ##1 R ##2 . 000 and prior to it C ##55 ##1 R ##2 . 000 and prior to it C ##43 ##1 R ##2 . 000 and prior to it ) allows an attacker to obtain root privileges and exec u ##te remote code by sending unintended param et ##ers that contain spec if ##ic char act ##ers in http request . [SEP]
LRP (+Pred, pos-only)
[CLS] Sharp NEC Display s ( UN ##46 ##2 ##A R ##1 . 300 and prior to it UN ##46 ##2 ##VA R ##1 . 300 and prior to it UN ##4 ##9 ##2 ##S R ##1 . 300 and prior to it UN ##4 ##9 ##2 ##VS R ##1 . 300 and prior to it UN ##55 ##2 ##A R ##1 . 300 and prior to it UN ##55 ##2 ##S R ##1 . 300 and prior to it UN ##55 ##2 ##VS R ##1 . 300 and prior to it UN ##55 ##2 R ##1 . 300 and prior to it UN ##55 ##2 ##V R ##1 . 300 and prior to it U ##X ##55 ##2 ##S R ##1 . 300 and prior to it U ##X ##55 ##2 R ##1 . 300 and prior to it V8 ##64 ##Q R ##2 . 000 and prior to it C ##86 ##1 ##Q R ##2 . 000 and prior to it P ##75 ##4 ##Q R ##2 . 000 and prior to it V ##75 ##4 ##Q R ##2 . 000 and prior to it C ##75 ##1 ##Q R ##2 . 000 and prior to it V ##9 ##8 ##4 ##Q R ##2 . 000 and prior to it C ##9 ##8 ##1 ##Q R ##2 . 000 and prior to it P ##65 ##4 ##Q R ##2 . 000 and prior to it V ##65 ##4 ##Q R ##2 . 000 and prior to it C ##65 ##1 ##Q R ##2 . 000 and prior to it V ##55 ##4 ##Q R ##2 . 000 and prior to it P ##40 ##4 R ##3 . 200 and prior to it P ##48 ##4 R ##3 . 200 and prior to it P ##55 ##4 R ##3 . 200 and prior to it V ##40 ##4 R ##3 . 200 and prior to it V ##48 ##4 R ##3 . 200 and prior to it V ##55 ##4 R ##3 . 200 and prior to it V ##40 ##4 - T R ##3 . 200 and prior to it V ##48 ##4 - T R ##3 . 200 and prior to it V ##55 ##4 - T R ##3 . 200 and prior to it C ##50 ##1 R ##2 . 000 and prior to it C ##55 ##1 R ##2 . 000 and prior to it C ##43 ##1 R ##2 . 000 and prior to it ) allows an attacker to obtain root privileges and exec u ##te remote code by sending unintended param et ##ers that contain spec if ##ic char act ##ers in http request . [SEP]
LIME (words)
Sharp NEC Displays (UN462A R1.300 and prior to it UN462VA R1.300 and prior to it UN492S R1.300 and prior to it UN492VS R1.300 and prior to it UN552A R1.300 and prior to it UN552S R1.300 and prior to it UN552VS R1.300 and prior to it UN552 R1.300 and prior to it UN552V R1.300 and prior to it UX552S R1.300 and prior to it UX552 R1.300 and prior to it V864Q R2.000 and prior to it C861Q R2.000 and prior to it P754Q R2.000 and prior to it V754Q R2.000 and prior to it C751Q R2.000 and prior to it V984Q R2.000 and prior to it C981Q R2.000 and prior to it P654Q R2.000 and prior to it V654Q R2.000 and prior to it C651Q R2.000 and prior to it V554Q R2.000 and prior to it P404 R3.200 and prior to it P484 R3.200 and prior to it P554 R3.200 and prior to it V404 R3.200 and prior to it V484 R3.200 and prior to it V554 R3.200 and prior to it V404-T R3.200 and prior to it V484-T R3.200 and prior to it V554-T R3.200 and prior to it C501 R2.000 and prior to it C551 R2.000 and prior to it C431 R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.
SHAP (words)
Sharp NEC Displays ( UN462A R1. 300 and prior to it UN462VA R1. 300 and prior to it UN492S R1. 300 and prior to it UN492VS R1. 300 and prior to it UN552A R1. 300 and prior to it UN552S R1. 300 and prior to it UN552VS R1. 300 and prior to it UN552 R1. 300 and prior to it UN552V R1. 300 and prior to it UX552S R1. 300 and prior to it UX552 R1. 300 and prior to it V864Q R2. 000 and prior to it C861Q R2. 000 and prior to it P754Q R2. 000 and prior to it V754Q R2. 000 and prior to it C751Q R2. 000 and prior to it V984Q R2. 000 and prior to it C981Q R2. 000 and prior to it P654Q R2. 000 and prior to it V654Q R2. 000 and prior to it C651Q R2. 000 and prior to it V554Q R2. 000 and prior to it P404 R3. 200 and prior to it P484 R3. 200 and prior to it P554 R3. 200 and prior to it V404 R3. 200 and prior to it V484 R3. 200 and prior to it V554 R3. 200 and prior to it V404- T R3. 200 and prior to it V484- T R3. 200 and prior to it V554- T R3. 200 and prior to it C501 R2. 000 and prior to it C551 R2. 000 and prior to it C431 R2. 000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request
lrp-distilbert · Pred=NONE (0) · p=0.52 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Sharp NEC Display s ( UN ##46 ##2 ##A R ##1 . 300 and prior to it UN ##46 ##2 ##VA R ##1 . 300 and prior to it UN ##4 ##9 ##2 ##S R ##1 . 300 and prior to it UN ##4 ##9 ##2 ##VS R ##1 . 300 and prior to it UN ##55 ##2 ##A R ##1 . 300 and prior to it UN ##55 ##2 ##S R ##1 . 300 and prior to it UN ##55 ##2 ##VS R ##1 . 300 and prior to it UN ##55 ##2 R ##1 . 300 and prior to it UN ##55 ##2 ##V R ##1 . 300 and prior to it U ##X ##55 ##2 ##S R ##1 . 300 and prior to it U ##X ##55 ##2 R ##1 . 300 and prior to it V8 ##64 ##Q R ##2 . 000 and prior to it C ##86 ##1 ##Q R ##2 . 000 and prior to it P ##75 ##4 ##Q R ##2 . 000 and prior to it V ##75 ##4 ##Q R ##2 . 000 and prior to it C ##75 ##1 ##Q R ##2 . 000 and prior to it V ##9 ##8 ##4 ##Q R ##2 . 000 and prior to it C ##9 ##8 ##1 ##Q R ##2 . 000 and prior to it P ##65 ##4 ##Q R ##2 . 000 and prior to it V ##65 ##4 ##Q R ##2 . 000 and prior to it C ##65 ##1 ##Q R ##2 . 000 and prior to it V ##55 ##4 ##Q R ##2 . 000 and prior to it P ##40 ##4 R ##3 . 200 and prior to it P ##48 ##4 R ##3 . 200 and prior to it P ##55 ##4 R ##3 . 200 and prior to it V ##40 ##4 R ##3 . 200 and prior to it V ##48 ##4 R ##3 . 200 and prior to it V ##55 ##4 R ##3 . 200 and prior to it V ##40 ##4 - T R ##3 . 200 and prior to it V ##48 ##4 - T R ##3 . 200 and prior to it V ##55 ##4 - T R ##3 . 200 and prior to it C ##50 ##1 R ##2 . 000 and prior to it C ##55 ##1 R ##2 . 000 and prior to it C ##43 ##1 R ##2 . 000 and prior to it ) allows an attacker to obtain root privileges and exec u ##te remote code by sending unintended param et ##ers that contain spec if ##ic char act ##ers in http request . [SEP]
LRP (+Pred, pos-only)
[CLS] Sharp NEC Display s ( UN ##46 ##2 ##A R ##1 . 300 and prior to it UN ##46 ##2 ##VA R ##1 . 300 and prior to it UN ##4 ##9 ##2 ##S R ##1 . 300 and prior to it UN ##4 ##9 ##2 ##VS R ##1 . 300 and prior to it UN ##55 ##2 ##A R ##1 . 300 and prior to it UN ##55 ##2 ##S R ##1 . 300 and prior to it UN ##55 ##2 ##VS R ##1 . 300 and prior to it UN ##55 ##2 R ##1 . 300 and prior to it UN ##55 ##2 ##V R ##1 . 300 and prior to it U ##X ##55 ##2 ##S R ##1 . 300 and prior to it U ##X ##55 ##2 R ##1 . 300 and prior to it V8 ##64 ##Q R ##2 . 000 and prior to it C ##86 ##1 ##Q R ##2 . 000 and prior to it P ##75 ##4 ##Q R ##2 . 000 and prior to it V ##75 ##4 ##Q R ##2 . 000 and prior to it C ##75 ##1 ##Q R ##2 . 000 and prior to it V ##9 ##8 ##4 ##Q R ##2 . 000 and prior to it C ##9 ##8 ##1 ##Q R ##2 . 000 and prior to it P ##65 ##4 ##Q R ##2 . 000 and prior to it V ##65 ##4 ##Q R ##2 . 000 and prior to it C ##65 ##1 ##Q R ##2 . 000 and prior to it V ##55 ##4 ##Q R ##2 . 000 and prior to it P ##40 ##4 R ##3 . 200 and prior to it P ##48 ##4 R ##3 . 200 and prior to it P ##55 ##4 R ##3 . 200 and prior to it V ##40 ##4 R ##3 . 200 and prior to it V ##48 ##4 R ##3 . 200 and prior to it V ##55 ##4 R ##3 . 200 and prior to it V ##40 ##4 - T R ##3 . 200 and prior to it V ##48 ##4 - T R ##3 . 200 and prior to it V ##55 ##4 - T R ##3 . 200 and prior to it C ##50 ##1 R ##2 . 000 and prior to it C ##55 ##1 R ##2 . 000 and prior to it C ##43 ##1 R ##2 . 000 and prior to it ) allows an attacker to obtain root privileges and exec u ##te remote code by sending unintended param et ##ers that contain spec if ##ic char act ##ers in http request . [SEP]
LIME (words)
Sharp NEC Displays (UN462A R1.300 and prior to it UN462VA R1.300 and prior to it UN492S R1.300 and prior to it UN492VS R1.300 and prior to it UN552A R1.300 and prior to it UN552S R1.300 and prior to it UN552VS R1.300 and prior to it UN552 R1.300 and prior to it UN552V R1.300 and prior to it UX552S R1.300 and prior to it UX552 R1.300 and prior to it V864Q R2.000 and prior to it C861Q R2.000 and prior to it P754Q R2.000 and prior to it V754Q R2.000 and prior to it C751Q R2.000 and prior to it V984Q R2.000 and prior to it C981Q R2.000 and prior to it P654Q R2.000 and prior to it V654Q R2.000 and prior to it C651Q R2.000 and prior to it V554Q R2.000 and prior to it P404 R3.200 and prior to it P484 R3.200 and prior to it P554 R3.200 and prior to it V404 R3.200 and prior to it V484 R3.200 and prior to it V554 R3.200 and prior to it V404-T R3.200 and prior to it V484-T R3.200 and prior to it V554-T R3.200 and prior to it C501 R2.000 and prior to it C551 R2.000 and prior to it C431 R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.
SHAP (words)
Sharp NEC Displays ( UN462A R1. 300 and prior to it UN462VA R1. 300 and prior to it UN492S R1. 300 and prior to it UN492VS R1. 300 and prior to it UN552A R1. 300 and prior to it UN552S R1. 300 and prior to it UN552VS R1. 300 and prior to it UN552 R1. 300 and prior to it UN552V R1. 300 and prior to it UX552S R1. 300 and prior to it UX552 R1. 300 and prior to it V864Q R2. 000 and prior to it C861Q R2. 000 and prior to it P754Q R2. 000 and prior to it V754Q R2. 000 and prior to it C751Q R2. 000 and prior to it V984Q R2. 000 and prior to it C981Q R2. 000 and prior to it P654Q R2. 000 and prior to it V654Q R2. 000 and prior to it C651Q R2. 000 and prior to it V554Q R2. 000 and prior to it P404 R3. 200 and prior to it P484 R3. 200 and prior to it P554 R3. 200 and prior to it V404 R3. 200 and prior to it V484 R3. 200 and prior to it V554 R3. 200 and prior to it V404- T R3. 200 and prior to it V484- T R3. 200 and prior to it V554- T R3. 200 and prior to it C501 R2. 000 and prior to it C551 R2. 000 and prior to it C431 R2. 000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request
#71 · cve_id CVE-2023-3724 · pr
GT=LOW (1)
xlnet · Pred=NONE (0) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁If ▁a TLS ▁1 . 3 ▁client ▁gets ▁neither ▁a PSK ( pre ▁shared ▁key ) ▁extension ▁nor ▁a ▁K SE ( key ▁share ▁extension ) ▁when ▁connecting ▁to ▁a malicious ▁server ▁a ▁default ▁predictable ▁buffer ▁gets ▁used ▁for ▁the ▁I K M ( Input ▁Key ing ▁Material ) ▁value ▁when ▁generating ▁the se ssi ▁on ▁master ▁secret . ▁Using ▁a ▁potentially ▁known ▁I K M ▁value ▁when ▁generating ▁the se ssi ▁on ▁master ▁secret ▁key compromises ▁the ▁key ▁generated ▁allowing ▁an eavesdrop ▁per ▁to reconstruct ▁it ▁and ▁potentially ▁allowing ▁access ▁to ▁or ▁me ddling ▁with ▁message ▁contents ▁in ▁the se ssi ▁on . ▁This ▁issue ▁does ▁not ▁affect ▁client validation ▁of ▁connected ▁servers ▁nor ▁expose ▁private ▁key ▁in for matio n ▁but ▁could ▁result ▁in ▁an insecure TLS ▁1 . 3 se ssi ▁on ▁when ▁not ▁controlling ▁both sid es ▁of ▁the ▁connection . wolfSSL recommends ▁that TLS ▁1 . 3 ▁client sid e ▁users ▁update ▁the ▁version ▁of wolfSSL ▁used . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers nor expose private key information but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.
SHAP (words)
If a TLS 1. 3 client gets neither a PSK ( pre shared key) extension nor a KSE ( key share extension) when connecting to a malicious server a default predictable buffer gets used for the IKM ( Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers nor expose private key information but could result in an insecure TLS 1. 3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1. 3 client side users update the version of wolfSSL used
lrp-bert · Pred=NONE (0) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] If a TLS 1 . 3 cli en ##t gets neither a PSK ( pre shared key ) extension nor a K ##SE ( key share extension ) when connecting to a malicious server a default pre ##dic tab le buffer gets used for the I ##K ##M ( Input Key ##ing Mate r ##ial ) value when generating the se ssi on master secret . Using a potentially known I ##K ##M value when generating the se ssi on master secret key compromises the key generated allowing an eavesdrop per to reconstruct it and potentially allowing access to or me ##ddling with message contents in the se ssi on . This issue does not affect cli en ##t validation of connected servers nor expose private key info ##r matio n but could result in an insecure TLS 1 . 3 se ssi on when not controlling bot h sid es of the connection . wolfSSL recommends that TLS 1 . 3 cli en ##t sid e users update the version of wolfSSL used . [SEP]
LRP (+Pred, pos-only)
[CLS] If a TLS 1 . 3 cli en ##t gets neither a PSK ( pre shared key ) extension nor a K ##SE ( key share extension ) when connecting to a malicious server a default pre ##dic tab le buffer gets used for the I ##K ##M ( Input Key ##ing Mate r ##ial ) value when generating the se ssi on master secret . Using a potentially known I ##K ##M value when generating the se ssi on master secret key compromises the key generated allowing an eavesdrop per to reconstruct it and potentially allowing access to or me ##ddling with message contents in the se ssi on . This issue does not affect cli en ##t validation of connected servers nor expose private key info ##r matio n but could result in an insecure TLS 1 . 3 se ssi on when not controlling bot h sid es of the connection . wolfSSL recommends that TLS 1 . 3 cli en ##t sid e users update the version of wolfSSL used . [SEP]
LIME (words)
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers nor expose private key information but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.
SHAP (words)
If a TLS 1. 3 client gets neither a PSK ( pre shared key) extension nor a KSE ( key share extension) when connecting to a malicious server a default predictable buffer gets used for the IKM ( Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers nor expose private key information but could result in an insecure TLS 1. 3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1. 3 client side users update the version of wolfSSL used
lrp-distilbert · Pred=NONE (0) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] If a TLS 1 . 3 cli en ##t gets neither a PSK ( pre shared key ) extension nor a K ##SE ( key share extension ) when connecting to a malicious server a default pre ##dic tab le buffer gets used for the I ##K ##M ( Input Key ##ing Mate r ##ial ) value when generating the se ssi on master secret . Using a potentially known I ##K ##M value when generating the se ssi on master secret key compromises the key generated allowing an eavesdrop per to reconstruct it and potentially allowing access to or me ##ddling with message contents in the se ssi on . This issue does not affect cli en ##t validation of connected servers nor expose private key info ##r matio n but could result in an insecure TLS 1 . 3 se ssi on when not controlling bot h sid es of the connection . wolfSSL recommends that TLS 1 . 3 cli en ##t sid e users update the version of wolfSSL used . [SEP]
LRP (+Pred, pos-only)
[CLS] If a TLS 1 . 3 cli en ##t gets neither a PSK ( pre shared key ) extension nor a K ##SE ( key share extension ) when connecting to a malicious server a default pre ##dic tab le buffer gets used for the I ##K ##M ( Input Key ##ing Mate r ##ial ) value when generating the se ssi on master secret . Using a potentially known I ##K ##M value when generating the se ssi on master secret key compromises the key generated allowing an eavesdrop per to reconstruct it and potentially allowing access to or me ##ddling with message contents in the se ssi on . This issue does not affect cli en ##t validation of connected servers nor expose private key info ##r matio n but could result in an insecure TLS 1 . 3 se ssi on when not controlling bot h sid es of the connection . wolfSSL recommends that TLS 1 . 3 cli en ##t sid e users update the version of wolfSSL used . [SEP]
LIME (words)
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers nor expose private key information but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.
SHAP (words)
If a TLS 1. 3 client gets neither a PSK ( pre shared key) extension nor a KSE ( key share extension) when connecting to a malicious server a default predictable buffer gets used for the IKM ( Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers nor expose private key information but could result in an insecure TLS 1. 3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1. 3 client side users update the version of wolfSSL used
#72 · cve_id CVE-2020-16120 · pr
GT=HIGH (2)
xlnet · Pred=LOW (1) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Overlay ▁f s ▁did ▁not ▁properly ▁perform ▁per mi ssi ▁on ▁checking ▁when copying ▁up ▁files ▁in ▁an overlayfs ▁and ▁could ▁be ▁exploited ▁from ▁within ▁a ▁user namespace ▁if ▁for ▁example unprivileged ▁user namespaces ▁were ▁allowed . ▁It ▁was ▁po ssi ble ▁to ▁have ▁a ▁file ▁not readable ▁by ▁an unprivileged ▁user ▁to ▁be ▁copied ▁to ▁a m ou ntp o int ▁controlled ▁by ▁the ▁user ▁like ▁a removable ▁device . ▁This ▁was ▁introduced ▁in ▁kernel ▁version ▁4 . 19 ▁by ▁commit d 1 d 04 ef ( " ov l : ▁stack ▁file ops " ) . ▁This ▁was ▁fixed ▁in ▁kernel ▁version ▁5 . 8 ▁by commits ▁56 2 30 d 9 ( " ov l : ▁verify permissions ▁in ov l _ path _ open ( ) " ) ▁48 b d 0 24 ( " ov l : ▁switch ▁to ▁mount er ▁cred s ▁in ▁read dir " ) ▁and 05 ace f b ( " ov l : ▁check ▁per mi ssi ▁on ▁to ▁open ▁real ▁file " ) . ▁Additionally commits ▁130 f db ▁c ( " ov l : ▁pass ▁correct ▁flags ▁for ▁opening ▁real ▁directory " ) ▁and ▁29 2 f 90 2 ( " ov l : ▁call sec uti ry ▁hook ▁in ov l _ real _ ioctl ( ) " ) ▁in ▁kernel ▁5 . 8 ▁might ▁also ▁be ▁desired ▁or ▁necessary . ▁These ▁additional commits ▁introduced ▁a regression ▁in overlay ▁mount s ▁within ▁user namespaces ▁which ▁prevented ▁access ▁to ▁files ▁with ▁ownership ▁out sid e ▁of ▁the ▁user namespace . ▁This regression ▁was mitigated ▁by ▁subsequent ▁commit b 66 50 da ( " ov l : ▁do ▁not ▁fail ▁because ▁of ▁O _ NO ATI ME i " ) ▁in ▁kernel ▁5 . 11 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace if for example unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()") 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.
SHAP (words)
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace if for example unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user like a removable device. This was introduced in kernel version 4. 19 by commit d1d04ef (" ovl: stack file ops"). This was fixed in kernel version 5. 8 by commits 56230d9 (" ovl: verify permissions in ovl_path_open()") 48bd024 (" ovl: switch to mounter creds in readdir") and 05acefb (" ovl: check permission to open real file"). Additionally commits 130fdbc (" ovl: pass correct flags for opening real directory") and 292f902 (" ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5. 8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (" ovl: do not fail because of O_NOATIMEi") in kernel 5. 11
lrp-bert · Pred=LOW (1) · p=0.77 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Overlay f ##s did not properly perform per ##mi ssi on checking when copying up files in an overlayfs and could be ex ##p ##lo ite d from within a user namespace if for example unprivileged user namespaces were allowed . It was p ##o ssi b ##le to have a file not readable by an unprivileged user to be copied to a m ##ou ntp o int controlled by the user like a removable dev ice . This was int rod ##uce ##d in kernel version 4 . 19 by commit d ##1 ##d ##0 ##4 ##ef ( " o ##v ##l : stack file op ##s " ) . This was fixed in kernel version 5 . 8 by commits 56 ##23 ##0 ##d ##9 ( " o ##v ##l : verify permissions in o ##v ##l _ path _ open ( ) " ) 48 ##b ##d ##0 ##24 ( " o ##v ##l : switch to mount ##er c ##red ##s in read ##dir " ) and 05 ##ace ##f ##b ( " o ##v ##l : check per ##mi ssi on to open real file " ) . Add it ##ional ##ly commits 130 ##f db c ( " o ##v ##l : pass correct flags for opening real directory " ) and 29 ##2 ##f ##90 ##2 ( " o ##v ##l : call se ##cut ##ir ##y hook in o ##v ##l _ real _ ioctl ( ) " ) in kernel 5 . 8 might also be desired or necessary . These additional commits int rod ##uce ##d a regression in overlay mounts within user namespaces which prevented access to files with owners ##h ip out sid e of the user namespace . This regression was mitigated by subsequent commit b ##6 ##65 ##0 ##da ( " o ##v ##l : do not fail because of O _ N OA TIM E ##i " ) in kernel 5 . 11 . [SEP]
LRP (+Pred, pos-only)
[CLS] Overlay f ##s did not properly perform per ##mi ssi on checking when copying up files in an overlayfs and could be ex ##p ##lo ite d from within a user namespace if for example unprivileged user namespaces were allowed . It was p ##o ssi b ##le to have a file not readable by an unprivileged user to be copied to a m ##ou ntp o int controlled by the user like a removable dev ice . This was int rod ##uce ##d in kernel version 4 . 19 by commit d ##1 ##d ##0 ##4 ##ef ( " o ##v ##l : stack file op ##s " ) . This was fixed in kernel version 5 . 8 by commits 56 ##23 ##0 ##d ##9 ( " o ##v ##l : verify permissions in o ##v ##l _ path _ open ( ) " ) 48 ##b ##d ##0 ##24 ( " o ##v ##l : switch to mount ##er c ##red ##s in read ##dir " ) and 05 ##ace ##f ##b ( " o ##v ##l : check per ##mi ssi on to open real file " ) . Add it ##ional ##ly commits 130 ##f db c ( " o ##v ##l : pass correct flags for opening real directory " ) and 29 ##2 ##f ##90 ##2 ( " o ##v ##l : call se ##cut ##ir ##y hook in o ##v ##l _ real _ ioctl ( ) " ) in kernel 5 . 8 might also be desired or necessary . These additional commits int rod ##uce ##d a regression in overlay mounts within user namespaces which prevented access to files with owners ##h ip out sid e of the user namespace . This regression was mitigated by subsequent commit b ##6 ##65 ##0 ##da ( " o ##v ##l : do not fail because of O _ N OA TIM E ##i " ) in kernel 5 . 11 . [SEP]
LIME (words)
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace if for example unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()") 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.
SHAP (words)
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace if for example unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user like a removable device. This was introduced in kernel version 4. 19 by commit d1d04ef (" ovl: stack file ops"). This was fixed in kernel version 5. 8 by commits 56230d9 (" ovl: verify permissions in ovl_path_open()") 48bd024 (" ovl: switch to mounter creds in readdir") and 05acefb (" ovl: check permission to open real file"). Additionally commits 130fdbc (" ovl: pass correct flags for opening real directory") and 292f902 (" ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5. 8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (" ovl: do not fail because of O_NOATIMEi") in kernel 5. 11
lrp-distilbert · Pred=LOW (1) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Overlay f ##s did not properly perform per ##mi ssi on checking when copying up files in an overlayfs and could be ex ##p ##lo ite d from within a user namespace if for example unprivileged user namespaces were allowed . It was p ##o ssi b ##le to have a file not readable by an unprivileged user to be copied to a m ##ou ntp o int controlled by the user like a removable dev ice . This was int rod ##uce ##d in kernel version 4 . 19 by commit d ##1 ##d ##0 ##4 ##ef ( " o ##v ##l : stack file op ##s " ) . This was fixed in kernel version 5 . 8 by commits 56 ##23 ##0 ##d ##9 ( " o ##v ##l : verify permissions in o ##v ##l _ path _ open ( ) " ) 48 ##b ##d ##0 ##24 ( " o ##v ##l : switch to mount ##er c ##red ##s in read ##dir " ) and 05 ##ace ##f ##b ( " o ##v ##l : check per ##mi ssi on to open real file " ) . Add it ##ional ##ly commits 130 ##f db c ( " o ##v ##l : pass correct flags for opening real directory " ) and 29 ##2 ##f ##90 ##2 ( " o ##v ##l : call se ##cut ##ir ##y hook in o ##v ##l _ real _ ioctl ( ) " ) in kernel 5 . 8 might also be desired or necessary . These additional commits int rod ##uce ##d a regression in overlay mounts within user namespaces which prevented access to files with owners ##h ip out sid e of the user namespace . This regression was mitigated by subsequent commit b ##6 ##65 ##0 ##da ( " o ##v ##l : do not fail because of O _ N OA TIM E ##i " ) in kernel 5 . 11 . [SEP]
LRP (+Pred, pos-only)
[CLS] Overlay f ##s did not properly perform per ##mi ssi on checking when copying up files in an overlayfs and could be ex ##p ##lo ite d from within a user namespace if for example unprivileged user namespaces were allowed . It was p ##o ssi b ##le to have a file not readable by an unprivileged user to be copied to a m ##ou ntp o int controlled by the user like a removable dev ice . This was int rod ##uce ##d in kernel version 4 . 19 by commit d ##1 ##d ##0 ##4 ##ef ( " o ##v ##l : stack file op ##s " ) . This was fixed in kernel version 5 . 8 by commits 56 ##23 ##0 ##d ##9 ( " o ##v ##l : verify permissions in o ##v ##l _ path _ open ( ) " ) 48 ##b ##d ##0 ##24 ( " o ##v ##l : switch to mount ##er c ##red ##s in read ##dir " ) and 05 ##ace ##f ##b ( " o ##v ##l : check per ##mi ssi on to open real file " ) . Add it ##ional ##ly commits 130 ##f db c ( " o ##v ##l : pass correct flags for opening real directory " ) and 29 ##2 ##f ##90 ##2 ( " o ##v ##l : call se ##cut ##ir ##y hook in o ##v ##l _ real _ ioctl ( ) " ) in kernel 5 . 8 might also be desired or necessary . These additional commits int rod ##uce ##d a regression in overlay mounts within user namespaces which prevented access to files with owners ##h ip out sid e of the user namespace . This regression was mitigated by subsequent commit b ##6 ##65 ##0 ##da ( " o ##v ##l : do not fail because of O _ N OA TIM E ##i " ) in kernel 5 . 11 . [SEP]
LIME (words)
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace if for example unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()") 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.
SHAP (words)
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace if for example unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user like a removable device. This was introduced in kernel version 4. 19 by commit d1d04ef (" ovl: stack file ops"). This was fixed in kernel version 5. 8 by commits 56230d9 (" ovl: verify permissions in ovl_path_open()") 48bd024 (" ovl: switch to mounter creds in readdir") and 05acefb (" ovl: check permission to open real file"). Additionally commits 130fdbc (" ovl: pass correct flags for opening real directory") and 292f902 (" ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5. 8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (" ovl: do not fail because of O_NOATIMEi") in kernel 5. 11
#73 · cve_id CVE-2023-52200 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Cross-Site Request Forgery ( CSRF ) Deserialization ▁of Untrusted ▁Data ▁vulnerability ▁in ▁Rep ute ▁Info system s ARM ember ▁Membership Plugin ▁Content Restriction ▁Member ▁Level s User ▁Profile ▁& User signup . This ▁issue ▁affects ARM ember ▁Membership Plugin ▁Content Restriction ▁Member ▁Level s User ▁Profile ▁& User signup : n / a . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross-Site Request Forgery (CSRF) Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember Membership Plugin Content Restriction Member Levels User Profile & User signup. This issue affects ARMember Membership Plugin Content Restriction Member Levels User Profile & User signup: n/a.
SHAP (words)
Cross- Site Request Forgery ( CSRF) Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin Content Restriction Member Levels User Profile & User signup. This issue affects ARMember – Membership Plugin Content Restriction Member Levels User Profile & User signup: n/ a
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-Site Request Forgery ( CSRF ) Deserialization of Untrusted Data vulnerability in Rep ##ute In ##fo ##sy ##ste ##ms ARM em ##ber Members ##h ip Plugin Content Restriction Member Level ##s User Profile & User signup . This issue affects ARM em ##ber Members ##h ip Plugin Content Restriction Member Level ##s User Profile & User signup : n / a . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-Site Request Forgery ( CSRF ) Deserialization of Untrusted Data vulnerability in Rep ##ute In ##fo ##sy ##ste ##ms ARM em ##ber Members ##h ip Plugin Content Restriction Member Level ##s User Profile & User signup . This issue affects ARM em ##ber Members ##h ip Plugin Content Restriction Member Level ##s User Profile & User signup : n / a . [SEP]
LIME (words)
Cross-Site Request Forgery (CSRF) Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember Membership Plugin Content Restriction Member Levels User Profile & User signup. This issue affects ARMember Membership Plugin Content Restriction Member Levels User Profile & User signup: n/a.
SHAP (words)
Cross- Site Request Forgery ( CSRF) Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin Content Restriction Member Levels User Profile & User signup. This issue affects ARMember – Membership Plugin Content Restriction Member Levels User Profile & User signup: n/ a
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-Site Request Forgery ( CSRF ) Deserialization of Untrusted Data vulnerability in Rep ##ute In ##fo ##sy ##ste ##ms ARM em ##ber Members ##h ip Plugin Content Restriction Member Level ##s User Profile & User signup . This issue affects ARM em ##ber Members ##h ip Plugin Content Restriction Member Level ##s User Profile & User signup : n / a . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-Site Request Forgery ( CSRF ) Deserialization of Untrusted Data vulnerability in Rep ##ute In ##fo ##sy ##ste ##ms ARM em ##ber Members ##h ip Plugin Content Restriction Member Level ##s User Profile & User signup . This issue affects ARM em ##ber Members ##h ip Plugin Content Restriction Member Level ##s User Profile & User signup : n / a . [SEP]
LIME (words)
Cross-Site Request Forgery (CSRF) Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember Membership Plugin Content Restriction Member Levels User Profile & User signup. This issue affects ARMember Membership Plugin Content Restriction Member Levels User Profile & User signup: n/a.
SHAP (words)
Cross- Site Request Forgery ( CSRF) Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin Content Restriction Member Levels User Profile & User signup. This issue affects ARMember – Membership Plugin Content Restriction Member Levels User Profile & User signup: n/ a
#74 · cve_id CVE-2022-35903 · pr
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁Bentley ▁Micro S tation ▁before ▁10 . 17 . 0 . x ▁and ▁Bentley ▁View ▁before ▁10 . 17 . 0 . x . ▁Using ▁an ▁affected ▁version ▁of ▁Micro S tation ▁or ▁Micro S tation - based ▁application ▁to ▁open ▁a ▁3 DS ▁file ▁containing ▁crafted ▁data ▁can ▁force ▁an out-of-bounds ▁read . Exploitation ▁of ▁these vulnerabilities ▁within ▁the parsing ▁of ▁3 DS ▁files ▁could ▁enable ▁an ▁attacker ▁to ▁read ▁in for matio n ▁in ▁the ▁context ▁of ▁the ▁current ▁process . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process.
SHAP (words)
An issue was discovered in Bentley MicroStation before 10. 17. 0. x and Bentley View before 10. 17. 0. x. Using an affected version of MicroStation or MicroStation- based application to open a 3DS file containing crafted data can force an out- of- bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in Bentley Micro ##S ##tation before 10 . 17 . 0 . x and Bentley View before 10 . 17 . 0 . x . Using an affected version of Micro ##S ##tation or Micro ##S ##tation - based application to open a 3D ##S file containing crafted data can force an out-of-bounds read . Exploitation of these vulnerabilities within the parsing of 3D ##S files could enable an attacker to read info ##r matio n in the context of the current process . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in Bentley Micro ##S ##tation before 10 . 17 . 0 . x and Bentley View before 10 . 17 . 0 . x . Using an affected version of Micro ##S ##tation or Micro ##S ##tation - based application to open a 3D ##S file containing crafted data can force an out-of-bounds read . Exploitation of these vulnerabilities within the parsing of 3D ##S files could enable an attacker to read info ##r matio n in the context of the current process . [SEP]
LIME (words)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process.
SHAP (words)
An issue was discovered in Bentley MicroStation before 10. 17. 0. x and Bentley View before 10. 17. 0. x. Using an affected version of MicroStation or MicroStation- based application to open a 3DS file containing crafted data can force an out- of- bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in Bentley Micro ##S ##tation before 10 . 17 . 0 . x and Bentley View before 10 . 17 . 0 . x . Using an affected version of Micro ##S ##tation or Micro ##S ##tation - based application to open a 3D ##S file containing crafted data can force an out-of-bounds read . Exploitation of these vulnerabilities within the parsing of 3D ##S files could enable an attacker to read info ##r matio n in the context of the current process . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in Bentley Micro ##S ##tation before 10 . 17 . 0 . x and Bentley View before 10 . 17 . 0 . x . Using an affected version of Micro ##S ##tation or Micro ##S ##tation - based application to open a 3D ##S file containing crafted data can force an out-of-bounds read . Exploitation of these vulnerabilities within the parsing of 3D ##S files could enable an attacker to read info ##r matio n in the context of the current process . [SEP]
LIME (words)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process.
SHAP (words)
An issue was discovered in Bentley MicroStation before 10. 17. 0. x and Bentley View before 10. 17. 0. x. Using an affected version of MicroStation or MicroStation- based application to open a 3DS file containing crafted data can force an out- of- bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process
#75 · cve_id CVE-2023-37744 · pr
GT=NONE (0)
xlnet · Pred=HIGH (2) · p=0.97 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Mai d ▁Hir ing Manage ment ▁System ▁v 1 . 0 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a cross-site scripting ( XSS ) ▁vulnerability ▁via ▁the ▁component / admin / search - book ing - re quest . php . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php.
SHAP (words)
Maid Hiring Management System v1. 0 was discovered to contain a cross- site scripting ( XSS) vulnerability via the component / admin/ search- booking- request. php
lrp-bert · Pred=HIGH (2) · p=0.97 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Maid Hi ##ring Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability via the component / admin / search - booking - request . php . [SEP]
LRP (+Pred, pos-only)
[CLS] Maid Hi ##ring Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability via the component / admin / search - booking - request . php . [SEP]
LIME (words)
Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php.
SHAP (words)
Maid Hiring Management System v1. 0 was discovered to contain a cross- site scripting ( XSS) vulnerability via the component / admin/ search- booking- request. php
lrp-distilbert · Pred=HIGH (2) · p=0.92 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Maid Hi ##ring Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability via the component / admin / search - booking - request . php . [SEP]
LRP (+Pred, pos-only)
[CLS] Maid Hi ##ring Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability via the component / admin / search - booking - request . php . [SEP]
LIME (words)
Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php.
SHAP (words)
Maid Hiring Management System v1. 0 was discovered to contain a cross- site scripting ( XSS) vulnerability via the component / admin/ search- booking- request. php
#76 · cve_id CVE-2020-13293 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.88 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In GitLab ▁before ▁13 . 0 . 12 ▁13 . 1 . 6 ▁and ▁13 . 2 . 3 ▁using ▁a ▁branch ▁with ▁a hexadecimal ▁name ▁could override ▁an ▁existing hash . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In GitLab before 13.0.12 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.
SHAP (words)
In GitLab before 13. 0. 12 13. 1. 6 and 13. 2. 3 using a branch with a hexadecimal name could override an existing hash
lrp-bert · Pred=LOW (1) · p=0.74 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In GitLab before 13 . 0 . 12 13 . 1 . 6 and 13 . 2 . 3 using a branch with a hexadecimal name could override an existing hash . [SEP]
LRP (+Pred, pos-only)
[CLS] In GitLab before 13 . 0 . 12 13 . 1 . 6 and 13 . 2 . 3 using a branch with a hexadecimal name could override an existing hash . [SEP]
LIME (words)
In GitLab before 13.0.12 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.
SHAP (words)
In GitLab before 13. 0. 12 13. 1. 6 and 13. 2. 3 using a branch with a hexadecimal name could override an existing hash
lrp-distilbert · Pred=NONE (0) · p=0.78 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In GitLab before 13 . 0 . 12 13 . 1 . 6 and 13 . 2 . 3 using a branch with a hexadecimal name could override an existing hash . [SEP]
LRP (+Pred, pos-only)
[CLS] In GitLab before 13 . 0 . 12 13 . 1 . 6 and 13 . 2 . 3 using a branch with a hexadecimal name could override an existing hash . [SEP]
LIME (words)
In GitLab before 13.0.12 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.
SHAP (words)
In GitLab before 13. 0. 12 13. 1. 6 and 13. 2. 3 using a branch with a hexadecimal name could override an existing hash
#77 · cve_id CVE-2022-0969 · pr
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁Image ▁optimization ▁& ▁La zy Load ▁by ▁Opti m ole WordPress plugin ▁before ▁3 . 3 . 2 ▁does ▁not sanitise ▁and e sc ▁a pe ▁its " La zy load ▁background ▁images ▁for selector s " ▁settings ▁which ▁could ▁allow ▁high ▁privilege ▁users ▁such ▁as admin ▁to ▁perform Cross-Site scripting ▁attacks ▁even ▁when ▁the unfiltered ▁_ html ▁capability ▁is disallowed . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.
SHAP (words)
The Image optimization & Lazy Load by Optimole WordPress plugin before 3. 3. 2 does not sanitise and escape its " Lazyload background images for selectors" settings which could allow high privilege users such as admin to perform Cross- Site scripting attacks even when the unfiltered_html capability is disallowed
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Image optimization & La ##zy Load by Op ##ti ##mo ##le WordPress plugin before 3 . 3 . 2 does not sanitise and e sc a ##pe its " La ##zy ##load background images for selector s " settings which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered _ html capability is disallowed . [SEP]
LRP (+Pred, pos-only)
[CLS] The Image optimization & La ##zy Load by Op ##ti ##mo ##le WordPress plugin before 3 . 3 . 2 does not sanitise and e sc a ##pe its " La ##zy ##load background images for selector s " settings which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered _ html capability is disallowed . [SEP]
LIME (words)
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.
SHAP (words)
The Image optimization & Lazy Load by Optimole WordPress plugin before 3. 3. 2 does not sanitise and escape its " Lazyload background images for selectors" settings which could allow high privilege users such as admin to perform Cross- Site scripting attacks even when the unfiltered_html capability is disallowed
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Image optimization & La ##zy Load by Op ##ti ##mo ##le WordPress plugin before 3 . 3 . 2 does not sanitise and e sc a ##pe its " La ##zy ##load background images for selector s " settings which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered _ html capability is disallowed . [SEP]
LRP (+Pred, pos-only)
[CLS] The Image optimization & La ##zy Load by Op ##ti ##mo ##le WordPress plugin before 3 . 3 . 2 does not sanitise and e sc a ##pe its " La ##zy ##load background images for selector s " settings which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered _ html capability is disallowed . [SEP]
LIME (words)
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.
SHAP (words)
The Image optimization & Lazy Load by Optimole WordPress plugin before 3. 3. 2 does not sanitise and escape its " Lazyload background images for selectors" settings which could allow high privilege users such as admin to perform Cross- Site scripting attacks even when the unfiltered_html capability is disallowed
#78 · cve_id CVE-2020-2204 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁mi ssi ng ▁per mi ssi ▁on ▁check ▁in ▁Jenkins Fortify ▁on Demand Plugin ▁5 . 0 . 1 ▁and ▁earlier ▁allows ▁attackers ▁with ▁Overall / Read ▁per mi ssi ▁on ▁to ▁connect ▁to ▁the glob ally configured Fortify ▁on Demand endpoint ▁using attacker-specified credential s IDs . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
SHAP (words)
A missing permission check in Jenkins Fortify on Demand Plugin 5. 0. 1 and earlier allows attackers with Overall/ Read permission to connect to the globally configured Fortify on Demand endpoint using attacker- specified credentials IDs
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A mi ssi ng per ##mi ssi on check in Jenkins Fortify on Demand Plugin 5 . 0 . 1 and earlier allows attackers with Overall / Read per ##mi ssi on to connect to the glob ally configured Fortify on Demand endpoint using attacker-specified credential s IDs . [SEP]
LRP (+Pred, pos-only)
[CLS] A mi ssi ng per ##mi ssi on check in Jenkins Fortify on Demand Plugin 5 . 0 . 1 and earlier allows attackers with Overall / Read per ##mi ssi on to connect to the glob ally configured Fortify on Demand endpoint using attacker-specified credential s IDs . [SEP]
LIME (words)
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
SHAP (words)
A missing permission check in Jenkins Fortify on Demand Plugin 5. 0. 1 and earlier allows attackers with Overall/ Read permission to connect to the globally configured Fortify on Demand endpoint using attacker- specified credentials IDs
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A mi ssi ng per ##mi ssi on check in Jenkins Fortify on Demand Plugin 5 . 0 . 1 and earlier allows attackers with Overall / Read per ##mi ssi on to connect to the glob ally configured Fortify on Demand endpoint using attacker-specified credential s IDs . [SEP]
LRP (+Pred, pos-only)
[CLS] A mi ssi ng per ##mi ssi on check in Jenkins Fortify on Demand Plugin 5 . 0 . 1 and earlier allows attackers with Overall / Read per ##mi ssi on to connect to the glob ally configured Fortify on Demand endpoint using attacker-specified credential s IDs . [SEP]
LIME (words)
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
SHAP (words)
A missing permission check in Jenkins Fortify on Demand Plugin 5. 0. 1 and earlier allows attackers with Overall/ Read permission to connect to the globally configured Fortify on Demand endpoint using attacker- specified credentials IDs
#79 · cve_id CVE-2023-42688 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In wifi ▁service ▁there ▁is ▁a ▁po ssi ble ▁mi ssi ng ▁per mi ssi ▁on ▁check . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁with ▁no ▁additional ▁execution ▁privileges ▁needed <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In wifi service there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
SHAP (words)
In wifi service there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In wifi service there is a p ##o ssi b ##le mi ssi ng per ##mi ssi on check . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed [SEP]
LRP (+Pred, pos-only)
[CLS] In wifi service there is a p ##o ssi b ##le mi ssi ng per ##mi ssi on check . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed [SEP]
LIME (words)
In wifi service there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
SHAP (words)
In wifi service there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In wifi service there is a p ##o ssi b ##le mi ssi ng per ##mi ssi on check . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed [SEP]
LRP (+Pred, pos-only)
[CLS] In wifi service there is a p ##o ssi b ##le mi ssi ng per ##mi ssi on check . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed [SEP]
LIME (words)
In wifi service there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
SHAP (words)
In wifi service there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
#80 · cve_id CVE-2022-42760 · pr
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In wlan ▁driver ▁there ▁is ▁a ▁po ssi ble ▁mi ssi ng ▁bound s ▁check ▁This ▁could ▁lead ▁to ▁local ▁denial ▁of ▁service ▁in wlan ▁services . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In wlan driver there is a possible missing bounds check This could lead to local denial of service in wlan services.
SHAP (words)
In wlan driver there is a possible missing bounds check This could lead to local denial of service in wlan services
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In wlan driver there is a p ##o ssi b ##le mi ssi ng bounds check This could lead to local denial of service in wlan services . [SEP]
LRP (+Pred, pos-only)
[CLS] In wlan driver there is a p ##o ssi b ##le mi ssi ng bounds check This could lead to local denial of service in wlan services . [SEP]
LIME (words)
In wlan driver there is a possible missing bounds check This could lead to local denial of service in wlan services.
SHAP (words)
In wlan driver there is a possible missing bounds check This could lead to local denial of service in wlan services
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In wlan driver there is a p ##o ssi b ##le mi ssi ng bounds check This could lead to local denial of service in wlan services . [SEP]
LRP (+Pred, pos-only)
[CLS] In wlan driver there is a p ##o ssi b ##le mi ssi ng bounds check This could lead to local denial of service in wlan services . [SEP]
LIME (words)
In wlan driver there is a possible missing bounds check This could lead to local denial of service in wlan services.
SHAP (words)
In wlan driver there is a possible missing bounds check This could lead to local denial of service in wlan services